CVE-2024-10957 |
Description: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 5th, 2025 (4 months ago)
|
CVE-2024-10932 |
Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
Description: The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.
CVSS: HIGH (8.8) EPSS Score: 0.06%
January 5th, 2025 (4 months ago)
|
CVE-2024-56069 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Azzaroco WP SuperBackup allows Reflected XSS. This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56060 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HTML Forms allows Reflected XSS. This issue affects HTML Forms: from n/a through 1.4.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56038 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendSMS allows Reflected XSS. This issue affects SendSMS: from n/a through 1.2.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56037 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS. This issue affects User Referral: from n/a through 8.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56034 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad Services updates for customers allows Reflected XSS. This issue affects Services updates for customers: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56028 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS. This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56027 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS. This issue affects Leads CRM: from n/a through 2.0.13.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|
CVE-2024-56014 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS. This issue affects Olivia: from n/a through 0.9.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 4th, 2025 (4 months ago)
|