In iTop version 16.0 a high severity vulnerability CVE-2024-53588 was detected. This vulnerability allows attackers to run malicious code on the system by tricking iTop VPN into loading a fake DLL file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53588.
In WP Image Uploader plugin for WordPress versions 1.0.1 and prior a high severity vulnerability CVE-2024-13720 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the `gky_image_uploader_main_function()` function, potentially leading to remote code execution if critical files, such as `wp-config.php`, are deleted. To address this issue, users should upgrade to a patched version once available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13720.
In StageShow plugin for WordPress versions 9.8.6 and prior a medium severity vulnerability CVE-2024-13705 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via improper escaping in the `remove_query_arg` function, potentially executing scripts when a user clicks on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13705.
In Target Video Easy Publish plugin for WordPress versions up to and including 3.8.3 a medium severity vulnerability CVE-2024-13561 was detected. This vulnerability allows attackers to inject arbitrary web scripts via the `brid_override_yt` shortcode, leading to stored cross-site scripting (XSS). To address this issue, users should upgrade Target Video Easy Publish plugin for WordPress to version 3.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13561.
In Competition Form plugin for WordPress versions 2.0 and prior a medium severity vulnerability CVE-2024-12749 was detected. This vulnerability allows attackers to execute reflected cross-site scripting (XSS) attacks, which could target high-privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12749.
In ElementsKit Pro plugin for WordPress versions 3.7.8 and prior a medium severity vulnerability CVE-2025-0321 was detected. This vulnerability allows attackers with Contributor-level access and above to inject malicious web scripts via the ‘url’ parameter, leading to DOM-based stored cross-site scripting (XSS). To address this issue, users should upgrade ElementsKit Pro plugin to version 3.7.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0321.
In MailUp Auto Subscription plugin for WordPress versions 1.1.0 and prior a medium severity vulnerability CVE-2024-13521 was detected. This vulnerability allows unauthenticated attackers to perform cross-site request forgery (CSRF) attacks, enabling them to update settings and inject malicious web scripts by tricking a site administrator into clicking a link. To address this issue, users should upgrade MailUp Auto Subscription plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13521.
In ThemeREX Addons plugin for WordPress versions 2.32.3 and prior a critical severity vulnerability CVE-2024-13448 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially enabling remote code execution. To address this issue, users should upgrade ThemeREX Addons plugin to version 2.34.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13448.
In WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior a medium severity vulnerability CVE-2025-24596 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade the WordPress WooCommerce Product Table Lite plugin to version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.