Threat and Vulnerability Intelligence Database

CVE-2023-25714

Description: Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quick Paypal Payments: from n/a through 5.7.25.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-22701

Description: Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ebook Store: from n/a through 5.775.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12270

Description: The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.09%

Source: CVE
December 8th, 2024 (4 months ago)

CVE-2024-11501

Description: The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (4 months ago)

CVE-2024-11010

Description: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (4 months ago)

CVE-2024-54216

Description: Path Traversal vulnerability in NotFound ARForms allows Path Traversal. This issue affects ARForms: from n/a through 6.4.1.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-54209

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS. This issue affects Awesome Shortcodes: from n/a through 1.7.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-54208

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS. This issue affects Block Controller: from n/a through 1.4.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-54205

Description: Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery. This issue affects Paloma Widget: from n/a through 1.14.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53824

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion. This issue affects All Bootstrap Blocks: from n/a through 1.3.19.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)