|
3831
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-12240
|
2025-01-14 20:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3832
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-53649
|
2025-01-14 20:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3833
|
7.1 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-…
|
CWE-352
Origin Validation Error
|
CVE-2024-47100
|
2025-01-14 20:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3834
|
- |
|
-
|
-
|
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management pa…
|
CWE-89
SQL Injection
|
CVE-2025-20620
|
2025-01-14 19:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3835
|
- |
|
-
|
-
|
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS comm…
|
CWE-78
OS Command
|
CVE-2025-20055
|
2025-01-14 19:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3836
|
- |
|
-
|
-
|
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with an administrative privilege who logged in to the web management…
|
CWE-78
OS Command
|
CVE-2025-20016
|
2025-01-14 19:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3837
|
9.8 |
CRITICAL
Network
-
|
-
|
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, …
|
CWE-287
Improper Authentication
|
CVE-2024-12919
|
2025-01-14 19:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
3838
|
8.8 |
HIGH
Network
|
-
|
-
|
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_bi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-0394
|
2025-01-14 18:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3839
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce val…
|
CWE-352
Origin Validation Error
|
CVE-2025-0393
|
2025-01-14 18:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3840
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘heading’ parameter in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-13156
|
2025-01-14 18:15 |
2025-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
