Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54352 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54332 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54331 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54284 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54283 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54279 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54257 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-54249 |
WordPress Advanced Options Editor plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-37222 |
Description: Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 17th, 2024 (4 months ago)
|
|
CVE-2024-9698 |
Description: The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.2) EPSS Score: 0.05%
December 15th, 2024 (4 months ago)
|