7.2
CVE-2024-13351 - Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Crossโฆ
The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This โฆ
6.4
CVE-2024-12818 - WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticatedโฆ
6.1
CVE-2024-12403 - Image Gallery โ Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting
The Image Gallery โ Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackโฆ
6.1
CVE-2024-12423 - Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to โฆ
4.3
CVE-2024-10775 - Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contriโฆ
9.8
CVE-2024-9636 - Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register oโฆ
7.5
CVE-2024-4227 - gSOAP: Vulnerable to specially crafted unencrypted SDC messages
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
5.8
CVE-2024-7322 - Dos in ZigBee device due to unsolicited encrypted rejoin response
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this changeย in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established
7.2
CVE-2025-0356 -
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network.
7.5
CVE-2025-0355 -
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2โฆ