In Mautic versions above 4.4 a high severity vulnerability CVE-2024-47056 was detected. This vulnerability allows unauthenticated attackers to access sensitive .env configuration files via a web browser due to improper web server restrictions, potentially exposing database credentials, API keys, and other critical data. To address this issue, users should upgrade Mautic to versions 6.0.2, 5.2.6 or 4.4.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47056.
Read more Marketing Automation
In Mautic versions above 5.0 a medium severity vulnerability CVE-2024-47055 was detected. This vulnerability allows authenticated users to clone segments without proper authorization due to missing permission checks in the segment cloning functionality. To address this issue, users should upgrade Mautic to versions 5.2.6 or 6.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47055.
Read more Marketing Automation
In WP Extended plugin for WordPress versions up to and including 3.0.15 a medium severity vulnerability CVE-2025-4963 was detected. This vulnerability allows authenticated attackers with Author-level access or higher to upload malicious SVG files containing scripts, resulting in Stored Cross-Site Scripting (XSS) that executes whenever a user accesses the SVG file. To address this issue, users should upgrade WP Extended plugin to version 3.0.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4963.
Read more CMS
In Likes and Dislikes plugin for WordPress versions up to and including 1.0.0 a high severity vulnerability CVE-2025-5287 was detected. This vulnerability allows unauthenticated attackers to perform SQL Injection via the ‘post’ parameter, potentially enabling them to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5287.
Read more CMS
In WP Attachments plugin for WordPress versions up to and including 5.0.12 a medium severity vulnerability CVE-2025-5082 was detected. This vulnerability allows unauthenticated attackers to perform Reflected Cross-Site Scripting (XSS) via the `attachment_id` parameter, enabling script injection if a user is tricked into clicking a malicious link. To address this issue, users should upgrade WP Attachments plugin to versions 5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5082.
Read more CMS
In MasterStudy LMS Pro plugin versions up to and including 4.7.0 a high severity vulnerability CVE-2025-4800 allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file type validation in the `stm_lms_add_assignment_attachment` function. This could potentially lead to remote code execution on the server. To address this issue, users should upgrade MasterStudy LMS Pro plugin to versions 4.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4800.
Read more CMS
In Grafana versions >= 11.2,>= 11.3, >= 11.4, >= 11.5, >= 11.6, >= 12.0 a high severity vulnerability CVE-2025-4123 was detected. This vulnerability allows attackers to redirect users to a malicious site hosting a plugin that executes arbitrary JavaScript, even without editor permissions, and is exploitable if anonymous access is enabled. To address this issue, users should update Grafana to versions 12.0.0+security-01, 11.6.1+security-01, 11.5.4+security-01, 11.4.4+security-01, 11.3.6+security-01, 11.2.9+security-01 or 10.4.18+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.
Read more Data Analytics
In Grafana OSS versions 12.0.0 up to 12.0.1, 11.6.1 up to 11.6.2, 11.5.4 up to 11.5.5 a medium severity vulnerability CVE-2025-3580 was detected. This access control flaw allows an Organization administrator to permanently delete a Server administrator account (if the Server admin is in the same organization or unassigned) potentially leaving the instance without any super-user and rendering it unmanageable. To address this issue, users should upgrade Grafana to versions 10.4.19, 11.2.10, 11.3.7, 11.4.5, 11.5.5, 11.6.2 or 12.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3580.
Read more Data Analytics
In Exclusive Addons for Elementor plugin for WordPress versions up to and including 2.7.9.1 a medium severity vulnerability CVE-2025-4783 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the Countdown Timer Widget’s HTML attributes, which execute when a user accesses an affected page. To address this issue, users should upgrade Exclusive Addons for Elementor plugin to versions 2.7.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4783.
Read more CMS