Vulnerabilities > Plex > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2021-33959 Origin Validation Error vulnerability in Plex Media Server
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
network
low complexity
plex CWE-346
7.5
2020-04-22 CVE-2020-5740 Uncontrolled Search Path Element vulnerability in Plex Media Server
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
local
low complexity
plex CWE-427
7.2
2018-08-13 CVE-2018-13415 XXE vulnerability in Plex Media Server 1.13.2.5154
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack.
network
low complexity
plex CWE-611
7.5
2014-12-07 CVE-2014-9304 Permissions, Privileges, and Access Controls vulnerability in Plex Media Server 0.9.9.2
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
network
low complexity
plex CWE-264
7.5