Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56206 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through 3.4.1.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56204 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Sinking Dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through 1.25.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56203 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wayne Audio Player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through 1.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56070 |
Description: Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS: HIGH (7.4) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56068 |
Description: Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56067 |
Description: Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56061 |
Description: Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2024-56041 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.5.1.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 1st, 2025 (4 months ago)
|
|
CVE-2023-2298 |
Description: The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.11%
December 29th, 2024 (4 months ago)
|
|
CVE-2023-0992 |
Description: The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.11%
December 29th, 2024 (4 months ago)
|