CVE-2024-11402 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS. This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-9669 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5.
CVSS: HIGH (7.2) EPSS Score: 0.05%
November 29th, 2024 (6 months ago)
|
CVE-2024-8066 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.5) EPSS Score: 0.05%
November 29th, 2024 (6 months ago)
|
CVE-2024-53736 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS. This issue affects Custom Shortcode Sidebars: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-53734 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS. This issue affects Idealien Category Enhancements: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-53733 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS. This issue affects Fence URL: from n/a through 2.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-53732 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS. This issue affects Footer Flyout Widget: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-52501 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator. This issue affects Office Locator: from n/a through 1.3.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-52499 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion. This issue affects Pricing table addon for elementor: from n/a through 1.0.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
CVE-2024-52498 |
Description: Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through 1.0.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|