Security Vulnerabilities - CVEs Published In January 2025
A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup Maker Popup Maker allows Stored XSS. This issue affects Popup Maker: from n/a through 1.20.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-24
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IP2Location Download IP2Location Country Blocker allows Stored XSS. This issue affects Download IP2Location Country Blocker: from n/a through 2.38.3.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Booking & Appointment - Repute Infosystems BookingPress allows DOM-Based XSS. This issue affects BookingPress: from n/a through 1.1.25.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AddonMaster Post Grid Master allows PHP Local File Inclusion. This issue affects Post Grid Master: from n/a through 3.4.12.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-24
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-24
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Contact Form Email allows Stored XSS. This issue affects Contact Form Email: from n/a through 1.3.52.
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-24
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Modal Window allows Cross Site Request Forgery. This issue affects Modal Window: from n/a through 6.1.4.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-24