Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-52497
WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52496
WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52495
WordPress Distance Based Shipping Calculator plugin <= 2.0.21 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52481
WordPress Jobify theme <= 4.2.3 - Unauthenticated Arbitrary File Read vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-11620
WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-9660
School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
Description: The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-9504
Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
Description: The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-9461
Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
Description: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-11415
WP-Orphanage Extended <= 1.2 - Cross-Site Request Forgery to Orphan Account Privilege Escalation
Description: The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-11034
Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arb...
Description: The The Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)