Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-11721
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Privilege Escalation
Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.

CVSS: HIGH (8.1)

EPSS Score: 0.09%

Source: CVE
December 15th, 2024 (4 months ago)

CVE-2024-11720
Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting
Description: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 15th, 2024 (4 months ago)

CVE-2024-11711
WP Job Portal <= 2.2.1 - Unauthenticated SQL Injection
Description: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
December 15th, 2024 (4 months ago)

CVE-2024-10646
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Fo...
Description: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 15th, 2024 (4 months ago)

CVE-2024-54351
WordPress Fancy Roller Scroller plugin <= 1.4.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)

CVE-2024-54347
WordPress FloristPress plugin <= 7.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress allows Reflected XSS.This issue affects FloristPress: from n/a through 7.2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)

CVE-2024-54344
WordPress WP Quick Shop plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through 1.3.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)

CVE-2024-54343
WordPress Connect Contact Form 7 to Constant Contact plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Connect Contact Form 7 to Constant Contact allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through 1.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)

CVE-2024-54342
WordPress Staggs plugin <= 2.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)

CVE-2024-54341
WordPress LabelGrid Tools plugin <= 1.3.58 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through 1.3.58.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (4 months ago)