CVE-2024-11977 |
Description: The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
December 22nd, 2024 (4 months ago)
|
CVE-2024-54216 |
Description: Path Traversal: '.../...//' vulnerability in Repute InfoSystems ARForms allows Path Traversal. This issue affects ARForms: from n/a through 6.4.1.
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 21st, 2024 (4 months ago)
|
CVE-2024-11740 |
Description: The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
December 20th, 2024 (4 months ago)
|
CVE-2024-56055 |
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56053 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection. This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56051 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection. This issue affects WPLMS: from n/a before 1.9.9.5.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56049 |
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56048 |
Description: Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through 1.9.9.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56047 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection. This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
CVE-2024-56016 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS. This issue affects Image Mapper: from n/a through 0.2.5.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|