CVE-2025-1682 |
Description: The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to a missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 28th, 2025 (4 months ago)
|
CVE-2025-1681 |
Description: The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary CSS and JS files.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 28th, 2025 (4 months ago)
|
CVE-2024-12811 |
Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included.
CVSS: HIGH (8.8) EPSS Score: 0.1%
February 28th, 2025 (4 months ago)
|
Description: Threat Attack Daily - February 27th, 2025
February 28th, 2025 (4 months ago)
|
CVE-2024-37567 |
Description: Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
EPSS Score: 0.04%
February 27th, 2025 (4 months ago)
|
CVE-2024-37566 |
Description: Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
EPSS Score: 0.06%
February 27th, 2025 (4 months ago)
|
CVE-2024-36047 |
Description: Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.
EPSS Score: 0.08%
February 27th, 2025 (4 months ago)
|
CVE-2024-36046 |
Description: Infoblox NIOS through 8.6.4 executes with more privileges than required.
EPSS Score: 0.06%
February 27th, 2025 (4 months ago)
|
CVE-2024-34015 |
Description: Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.
CVSS: LOW (3.3) EPSS Score: 0.02% SSVC Exploitation: none
February 27th, 2025 (4 months ago)
|
CVE-2024-34014 |
Description: Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
February 27th, 2025 (4 months ago)
|