Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-52499
WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52498
WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability
Description: Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52497
WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52496
WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52495
WordPress Distance Based Shipping Calculator plugin <= 2.0.21 - SQL Injection vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-52481
WordPress Jobify theme <= 4.2.3 - Unauthenticated Arbitrary File Read vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-11620
WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 29th, 2024 (6 months ago)

CVE-2024-9660
School Management <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload
Description: The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-9504
Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
Description: The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

Source: CVE
November 27th, 2024 (6 months ago)

CVE-2024-9461
Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings
Description: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
November 27th, 2024 (6 months ago)