CyberAlerts

CVE-2024-4533

KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection

Description: The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks

EPSS Score: 0.09%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-4480

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description: The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-3631

HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF

Description: The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack

EPSS Score: 0.1%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-3478

Herd Effects < 5.2.7 - Effect Deletion via CSRF

Description: The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-3992

Amen <= 3.3.1 - Admin+ Stored XSS

Description: The Amen WordPress plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-3477

Popup Box < 2.2.7 - Popup Deletion via CSRF

Description: The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-4535

KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF

Description: The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

EPSS Score: 0.12%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-3552

Web Directory Free < 1.7.0 - Unauthenticated SQL Injection

Description: The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.

EPSS Score: 93.2%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-31095

WordPress Thumbs Rating plugin <= 5.1.0 - Insecure Direct Object References (IDOR) vulnerability

Description: Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating.This issue affects Thumbs Rating: from n/a through 5.1.0.

EPSS Score: 0.3%

SSVC Exploitation: none

Source: CVE

March 25th, 2025 (2 months ago)

CVE-2024-31094

WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability

Description: Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

EPSS Score: 0.42%

SSVC Exploitation: poc

Source: CVE

March 25th, 2025 (2 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: