Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56044 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56043 |
Description: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56042 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56040 |
Description: Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation.This issue affects VibeBP: from n/a through 1.9.9.4.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56039 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-11349 |
Description: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 29th, 2024 (4 months ago)
|
|
CVE-2023-2986 |
Description: The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated attackers to log in as users who have abandoned the cart, who are typically customers. Further security hardening was introduced in version 5.15.1 that ensures sites are no longer vulnerable through historical check-out links, and additional hardening was introduced in version 5.15.2 that ensured null key values wouldn't permit the authentication bypass.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
December 29th, 2024 (4 months ago)
|
|
CVE-2024-11281 |
Description: The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 26th, 2024 (4 months ago)
|
|
CVE-2024-54215 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp Revy.This issue affects Revy: from n/a through 1.18.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
December 21st, 2024 (4 months ago)
|
|
CVE-2024-54214 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 21st, 2024 (4 months ago)
|