Vulnerabilities > Plex > Media Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2021-33959 | Origin Validation Error vulnerability in Plex Media Server Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service. | 7.5 |
| 2020-04-22 | CVE-2020-5740 | Uncontrolled Search Path Element vulnerability in Plex Media Server Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | 7.2 |
| 2018-08-13 | CVE-2018-13415 | XXE vulnerability in Plex Media Server 1.13.2.5154 In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. | 7.5 |
| 2014-12-07 | CVE-2014-9304 | Permissions, Privileges, and Access Controls vulnerability in Plex Media Server 0.9.9.2 Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. | 7.5 |