Vulnerability Summary for the Week of January 6, 2025

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info
5centsCDN–5centsCDN	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16.	2025-01-07	7.1	CVE-2025-22326
a3rev–Compare Products for WooCommerce	The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.	2025-01-07	8.1	CVE-2024-12313
ABB–AC500 V3	An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of January 6, 2025 Related Tags: Bulletins EN Post navigation ← Carving How to generate safe, useful test data for Amazon Redshift → Search for: Social Social Media Daily summary Weekly summary Privacy Policy Legal & Contact Contact Apps Advertising Daily Summary Enter your email address: GDPR compliance Categories Categories Log in Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Primary
Vendor — Product

Description

Published

CVSS Score

Source Info

5centsCDN–5centsCDN

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16.

2025-01-07

7.1

CVE-2025-22326

a3rev–Compare Products for WooCommerce

The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the ‘woo_compare_list’ cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

2025-01-07

8.1

CVE-2024-12313

ABB–AC500 V3

An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article:

Vulnerability Summary for the Week of January 6, 2025

← Carving

How to generate safe, useful test data for Amazon Redshift →

High Vulnerabilities

Read the original article:

Related

Post navigation