Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-56198
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Description: path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56071
WordPress Simple Dashboard plugin <= 2.0 - Privilege Escalation vulnerability
Description: Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through 2.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56066
WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability
Description: Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56064
WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56046
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56045
WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56044
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56043
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability
Description: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56042
WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)

CVE-2024-56040
WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability
Description: Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation.This issue affects VibeBP: from n/a through 1.9.9.4.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (4 months ago)