6.4
CVE-2024-13389 - Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticβ¦
6.1
CVE-2024-13422 - SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticateβ¦
6.5
CVE-2024-13236 - Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authβ¦
6.4
CVE-2024-12504 - Broadcast Live Video β Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Coβ¦
The Broadcast Live Video β Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user sβ¦
7.5
CVE-2024-13234 - Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection
The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it pβ¦
6.4
CVE-2024-12043 - Prime Slider β Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16β¦
The Prime Slider β Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social_link_title' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficieβ¦
6.3
CVE-2025-0635 - Denial of Service condition in M-Files Server
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
4.6
CVE-2025-0619 - Unsafe stored password recovery
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
5.9
CVE-2025-0648 - M-Files Server crash via EOT database driver configuration
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
6.5
CVE-2024-43708 -
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.