In Calculated Fields Form plugin for WordPress versions prior to 5.2.62 a low severity vulnerability CVE-2024-12273 was detected. This vulnerability allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed (e.g., in multisite setups). To address this issue, users should upgrade Calculated Fields Form plugin to versions 5.2.62 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12273.
Read more CMS
In Admin and Site Enhancements (ASE) plugin for WordPress versions prior to 7.6.10 a medium severity vulnerability CVE-2024-13688 was detected. This vulnerability allows attackers to bypass the Password Protection feature by exploiting a hardcoded password through a crafted request. To address this issue, users should upgrade Admin and Site Enhancements (ASE) plugin to versions 7.6.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13688.
Read more CMS
In WP-Recall plugin for WordPress versions prior to 16.26.12 a low severity vulnerability CVE-2024-9771 was detected. This vulnerability allows high privilege users such as administrators to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, such as in a multisite setup. To address this issue, users should upgrade WP-Recall plugin to versions 16.26.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9771.
Read more CMS
In Edumall theme for WordPress versions up to and including 4.2.4 a high severity vulnerability CVE-2025-2101 was detected. This vulnerability allows attackers to include and execute arbitrary PHP files on the server, potentially leading to code execution, bypassing access controls, or exposing sensitive information. To address this issue, users should upgrade Edumall theme to versions 4.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2101.
Read more CMS
In The Anps Theme plugin for WordPress versions up to and including 1.1.1 a medium severity vulnerability CVE-2024-13812 was detected. This vulnerability allows attackers to execute arbitrary shortcodes without authentication, potentially leading to site compromise. To address this issue, users should upgrade The Anps Theme plugin to versions 1.1.25 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13812.
Read more CMS
In Aeropage Sync for Airtable plugin for WordPress versions up to and including 3.2.0 a medium severity vulnerability CVE-2025-3915 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to delete arbitrary posts. To address this issue, users should upgrade Aeropage Sync for Airtable plugin to versions 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3915.
Read more CMS
In Add Custom Page Template plugin versions up to and including 2.0.1 a high severity vulnerability CVE-2025-3491 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to execute arbitrary code on the server via insufficient sanitization of the ‘template_name’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3491.
Read more CMS
In Jupiter X Core plugin versions up to and including 4.8.11 a high severity vulnerability CVE-2025-2105 was detected. This vulnerability allows attackers to inject PHP objects via deserialization of untrusted input from the ‘file’ parameter of the ‘raven_download_file’ function, and if a POP chain exists through another plugin or theme, it may enable file deletion, data retrieval, or code execution. To address this issue, users should upgrade Jupiter X Core plugin to versions 4.8.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2105.
Read more CMS
In Upsell Funnel Builder for WooCommerce plugin for WordPress versions up to and including 3.0.0 a medium severity vulnerability CVE-2025-3743 was detected. This vulnerability allows unauthenticated attackers to manipulate the product ID and discount field associated with any order bump, enabling them to arbitrarily update the product and discount when adding it to the cart. To address this issue, users should upgrade Upsell Funnel Builder for WooCommerce plugin to versions 3.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3743.
Read more CMS