Security Vulnerabilities - CVEs Published In January 2025
In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal().
CVSS Score
4.0
EPSS Score
0.0
Published
2025-01-10
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-01-10
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.002
Published
2025-01-10
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.003
Published
2025-01-10
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-09
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
CVSS Score
8.8
EPSS Score
0.035
Published
2025-01-09
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-01-09
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function.
CVSS Score
8.8
EPSS Score
0.02
Published
2025-01-09
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
CVSS Score
8.8
EPSS Score
0.483
Published
2025-01-09
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
CVSS Score
5.3
EPSS Score
0.004
Published
2025-01-09