Vulnerabilities > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-08	CVE-2025-2882	The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. network low complexity CWE-200	5.3
2025-04-08	CVE-2025-30013	SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. local low complexity CWE-94	6.7
2025-04-08	CVE-2025-30015	Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. network high complexity CWE-787	4.1
2025-04-08	CVE-2025-30017	Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. local low complexity CWE-862	4.4
2025-04-08	CVE-2025-31331	SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. network low complexity CWE-863	4.3
2025-04-08	CVE-2025-31332	Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. local low complexity CWE-277	6.6
2025-04-08	CVE-2025-31333	SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. network low complexity CWE-472	4.3
2025-04-08	CVE-2019-25223	The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	4.9
2025-04-08	CVE-2025-3427	The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	4.9
2025-04-08	CVE-2025-3428	The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity CWE-89	4.9

Vulnerabilities > Medium {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Medium"}]}

Vulnerabilities > Medium