Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2025
CVE-2024-57095
SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
CVSS Score
6.8
EPSS Score
0.002
Published
2025-01-24
CVE-2025-24746
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-24
CVE-2025-24753
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
CVE-2025-24729
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-24
CVE-2025-24731
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-24
CVE-2025-24733
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-24
CVE-2025-24736
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
CVE-2025-24727
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-24
CVE-2025-24717
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-01-24
CVE-2025-24715
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-01-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved