Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11423 |
Description: The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything.
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
|
CVE-2024-11271 |
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
|
CVE-2024-11270 |
Description: The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
|
CVE-2025-22593 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22592 |
Description: Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22590 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through 2.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22589 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through 0.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22582 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22571 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through 1.10.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|
|
CVE-2025-22559 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and Geoff Peters TubePress.NET allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through 4.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (3 months ago)
|