9.8
CVE-2025-23006 -
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands.
6.4
CVE-2024-13340 - MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site …
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This ma…
6.4
CVE-2024-12118 - The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticate…
6.4
CVE-2024-13389 - Cliptakes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic…
6.1
CVE-2024-13422 - SEO Blogger to WordPress Migration using 301 Redirection <= 0.4.8 - Reflected Cross-Site Scripting
The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate…
6.5
CVE-2024-13236 - Tainacan <= 0.21.12 - Authenticated (Subscriber+) SQL Injection
The Tainacan plugin for WordPress is vulnerable to SQL Injection via the 'collection_id' parameter in all versions up to, and including, 0.21.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for auth…
6.4
CVE-2024-12504 - Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 6.1.9 - Authenticated (Co…
The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user s…
7.5
CVE-2024-13234 - Product Table by WBW <= 2.1.2 - Unuthenticated SQL Injection
The Product Table by WBW plugin for WordPress is vulnerable to SQL Injection via the 'additionalCondition' parameter in all versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it p…
6.4
CVE-2024-12043 - Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16…
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'social_link_title' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficie…
6.3
CVE-2025-0635 - Denial of Service condition in M-Files Server
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.