Security Vulnerabilities - CVEs Published In January 2025
A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-02
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-01-02
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-02
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8.
CVSS Score
6.3
EPSS Score
0.002
Published
2025-01-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2.
CVSS Score
7.6
EPSS Score
0.002
Published
2025-01-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-02