Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-22 CVE-2024-13406 Cross-site Scripting vulnerability in Icopydoc XML for Google Merchant Center
The XML for Google Merchant Center plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'feed_id' parameter in all versions up to, and including, 3.0.11 due to insufficient input sanitization and output escaping.
network
low complexity
icopydoc CWE-79
6.1
2025-01-22 CVE-2024-12879 Missing Authorization vulnerability in Quantumcloud Wpot
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5.
network
low complexity
quantumcloud CWE-862
4.3
2025-01-22 CVE-2024-13584 Cross-site Scripting vulnerability in Videowhisper Picture Gallery
The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_pictures' shortcode in all versions up to, and including, 1.5.19 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
videowhisper CWE-79
5.4
2025-01-22 CVE-2024-13590 Cross-site Scripting vulnerability in Ayecode Ketchup Shortcodes
The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
ayecode CWE-79
5.4
2025-01-22 CVE-2024-13426 SQL Injection vulnerability in Wp-Polls Project Wp-Polls
The WP-Polls plugin for WordPress is vulnerable to SQL Injection via COOKIE in all versions up to, and including, 2.77.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
wp-polls-project CWE-89
5.3
2025-01-22 CVE-2024-13091 Unrestricted Upload of File with Dangerous Type vulnerability in Wpbot Wpot
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4.
network
low complexity
wpbot CWE-434
critical
9.8
2025-01-21 CVE-2023-37024 Reachable Assertion vulnerability in Linuxfoundation Magma
A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.
network
low complexity
linuxfoundation CWE-617
7.5
2025-01-21 CVE-2023-37025 NULL Pointer Dereference vulnerability in Linuxfoundation Magma
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field.
low complexity
linuxfoundation CWE-476
6.5
2025-01-21 CVE-2023-37026 NULL Pointer Dereference vulnerability in Linuxfoundation Magma
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.
low complexity
linuxfoundation CWE-476
6.5
2025-01-21 CVE-2023-37027 NULL Pointer Dereference vulnerability in Linuxfoundation Magma
Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
low complexity
linuxfoundation CWE-476
6.5