Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53826
WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability
Description: Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53825
WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53823
WordPress The Plus Addons for Elementor plugin <= 5.6.14 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53820
WordPress Captivate Sync plugin <= 2.0.22 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53813
WordPress wp-travel plugin <= 9.6.0 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53811
WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40.

CVSS: MEDIUM (6.6)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53809
WordPress Namaste! LMS plugin <= 2.6.4.1 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53806
WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability
Description: Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53803
WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)

CVE-2024-53802
WordPress Futurio Extra plugin <= 2.0.14 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 7th, 2024 (4 months ago)