CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-54237
WordPress Ni CRM Lead plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54236
WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54235
WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54233
WordPress Advanced Control Manager plugin <= 2.16.0 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-54231
WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2024-10783
MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation
Description: The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch.

CVSS: HIGH (8.1)

EPSS Score: 0.1%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2023-41130
WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Premmerce Premmerce User Roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through 1.0.12.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2023-39920
WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through 2.9.2.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2023-38385
WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0.

CVSS: HIGH (8.3)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)

CVE-2023-36510
WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (6 months ago)