Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53732 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52501 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52499 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52498 |
Description: Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52497 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52496 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52495 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.
CVSS: HIGH (8.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-52481 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-11620 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.
CVSS: HIGH (7.2) EPSS Score: 0.04%
November 29th, 2024 (6 months ago)
|
|
CVE-2024-9660 |
Description: The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.04%
November 27th, 2024 (6 months ago)
|