CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56274 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.15.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-56273 |
Description: Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-56272 |
Description: Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-56271 |
Description: Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-56270 |
Description: Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-51651 |
Description: Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-49294 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12781 |
Description: The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12738 |
Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12719 |
Description: The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|