Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-8300 |
Description: Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
CVSS: HIGH (7.0) EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-8066 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.5) EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-7747 |
Description: The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53737 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53736 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53734 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53733 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS.This issue affects Fence URL: from n/a through 2.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53732 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-53731 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fintelligence Fintelligence Calculator allows Stored XSS.This issue affects Fintelligence Calculator: from n/a through 1.0.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|
|
CVE-2024-52501 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
November 29th, 2024 (5 months ago)
|