CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-54297	WordPress vBSSO-lite plugin <= 1.4.3 - Account Takeover vulnerability Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54296	WordPress CoSchool LMS plugin <= 1.2 - Account Takeover vulnerability Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54295	WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54294	WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54293	WordPress CE21 Suite plugin <= 2.2.0 - Privilege Escalation vulnerability Description: Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54292	WordPress Appsplate plugin <= 2.1.3 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection.This issue affects Appsplate: from n/a through 2.1.3. CVSS: CRITICAL (9.3) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54273	WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability Description: Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54262	WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5. CVSS: CRITICAL (9.9) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54261	WordPress TAX SERVICE Electronic HDM plugin <= 1.1.2 - SQL Injection vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2. CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)
CVE-2024-54239	WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability Description: Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18. CVSS: CRITICAL (9.8) EPSS Score: 0.04% Source: CVE December 14th, 2024 (7 months ago)