Threat and Vulnerability Intelligence Database

CVE-2024-13056

Description: The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2024-13055

Description: The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2024-13052

Description: The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2024-12774

Description: The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF attack.

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

CVE-2024-12773

Description: The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (3 months ago)

Description: The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. [...]

Source: BleepingComputer
January 22nd, 2025 (3 months ago)

CVE-2024-9020

Description: The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.04%

Source: CVE
January 19th, 2025 (3 months ago)

Description: A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...]

Source: BleepingComputer
January 16th, 2025 (3 months ago)

Description: A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...]

Source: BleepingComputer
January 14th, 2025 (3 months ago)

Description: A recently uncovered malware campaign has compromised over 5,000 WordPress websites worldwide, utilizing malicious scripts to create unauthorized admin accounts, install backdoors via rogue plugins, and exfiltrate sensitive data. The attack, linked to the domain wp3[.]xyz, was first detected and blocked by the security service c/side, though the exact method of entry remains under investigation. …

Source: CyberInsider
January 14th, 2025 (3 months ago)