CVE-2024-37094 |
Description: Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects MasterStudy LMS: from n/a through 3.2.12.
CVSS: HIGH (8.2) EPSS Score: 0.09%
December 3rd, 2024 (5 months ago)
|
CVE-2024-12015 |
Description: The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route.
CVSS: HIGH (7.7) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53783 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
CVE-2024-53750 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS. This issue affects PayPal Responder: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
CVE-2024-53742 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce allows Reflected XSS. This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through 2.27.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 2nd, 2024 (5 months ago)
|
CVE-2024-53778 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS. This issue affects Essential Breadcrumbs: from n/a through 1.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|
CVE-2024-53739 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion. This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4.
CVSS: HIGH (8.1) EPSS Score: 0.04%
December 1st, 2024 (5 months ago)
|
CVE-2024-11402 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS. This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
CVE-2024-9669 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5.
CVSS: HIGH (7.2) EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
CVE-2024-8066 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.5) EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|