VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-01-15
CVE-2025-0437
Out-of-bounds Read vulnerability in Google Chrome
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google
CWE-125
8.8
8.8
2025-01-15
CVE-2024-10775
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included.
network
low complexity
CWE-639
4.3
4.3
2025-01-15
CVE-2024-12403
The Image Gallery – Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-15
CVE-2024-12423
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.1
6.1
2025-01-15
CVE-2024-12818
The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-15
CVE-2024-13351
The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
7.2
7.2
2025-01-15
CVE-2024-9636
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3.
network
low complexity
CWE-269
critical
9.8
9.8
2025-01-15
CVE-2024-11870
The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-01-15
CVE-2024-4227
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
network
low complexity
CWE-834
7.5
7.5
2025-01-15
CVE-2024-13394
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
«
Previous
1
2
...
343
344
345
(current)
346
347
...
16747
16748
»
Next