CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-11015

Description: The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-10124

Description: The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
December 13th, 2024 (6 months ago)

CVE-2024-54215

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy. This issue affects Revy: from n/a through 1.18.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2024-53822

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2024-43222

Description: Missing Authorization vulnerability in Envato Security Team Sweet Date. This issue affects Sweet Date: from n/a through 3.7.3.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2023-32117

Description: Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99.

CVSS: CRITICAL (9.8)

EPSS Score: 0.25%

Source: CVE
December 10th, 2024 (6 months ago)

CVE-2024-12209

Description: The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: CRITICAL (9.8)

EPSS Score: 2.91%

Source: CVE
December 9th, 2024 (6 months ago)

CVE-2024-54214

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (7 months ago)

CVE-2024-53810

Description: Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Simple User Registration: from n/a through 5.5.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (7 months ago)

CVE-2024-51815

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection. This issue affects s2Member Pro: from n/a through 241114.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (7 months ago)