CVE-2024-12252 |
Description: The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 8th, 2025 (3 months ago)
|
CVE-2024-12583 |
Description: The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS: CRITICAL (9.9) EPSS Score: 0.06%
January 5th, 2025 (3 months ago)
|
CVE-2024-56249 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server. This issue affects WPMasterToolKit: from n/a through 1.13.1.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 3rd, 2025 (4 months ago)
|
CVE-2024-56220 |
Description: Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56205 |
Description: Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation. This issue affects AI Magic: from n/a through 1.0.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56071 |
Description: Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation. This issue affects Simple Dashboard: from n/a through 2.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56066 |
Description: Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation. This issue affects Agency Toolkit: from n/a through 1.0.23.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56064 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server. This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56046 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
CVE-2024-56045 |
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|