In WordPress File Upload plugin versions up to 4.24.12 a critical severity vulnerability CVE-2024-11635 was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.
Read more CMS
In Deliver via Shipos for WooCommerce plugin versions up to 2.1.7 a medium severity vulnerability CVE-2024-12222 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
Read more E-commerce
In WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4 a medium severity vulnerability CVE-2024-12218 was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.
Read more E-commerce
In WordPress Header Builder Plugin – Pearl versions up to 1.3.8 a medium severity vulnerability CVE-2024-12206 was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.
Read more CMS
In GitLab EE versions 18.5 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-13781 was detected. This vulnerability allows an authenticated attacker to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. To address this issue, users should upgrade GitLab EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13781.
Read more Developer Tools
In GitLab CE/EE versions 18.6 before 18.6.3 and 18.7 before 18.7.1 a high severity vulnerability CVE-2025-13761 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary code in the context of an authenticated user’s browser by exploiting improper input neutralization and convincing a user to visit a specially crafted webpage. To address this issue, users should upgrade GitLab CE/EE to versions 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13761.
Read more Developer Tools
In GitLab CE/EE versions 15.4 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-11246 was detected. This vulnerability allows an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations due to insufficient granularity of access control. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11246.
Read more Developer Tools
In GitLab CE/EE versions from 8.3 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a medium severity vulnerability CVE-2025-10569 was detected. This vulnerability allows an authenticated user to trigger a denial of service condition by supplying crafted responses to external API calls, exploiting missing limits or throttling on resource allocation. To address this issue, users should upgrade GitLab CE/EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-10569.
Read more Developer Tools
In GitLab EE versions 18.4 before 18.5.5, 18.6 before 18.6.3 and 18.7 before 18.7.1 a high severity vulnerability CVE-2025-13772 was detected. This vulnerability allows an authenticated attacker to access and use AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests due to missing authorization checks. To address this issue, users should upgrade GitLab EE to versions 18.5.5, 18.6.3, 18.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13772.
Read more Developer Tools