CVE-2024-10633 |
Description: The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
CVE-2024-10628 |
Description: The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.06%
January 28th, 2025 (5 months ago)
|
CVE-2024-10574 |
Description: The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
CVE-2024-10552 |
Description: The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' and 'api_secret' parameters in all versions up to, and including, 3.14.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 3.14.25.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
January 28th, 2025 (5 months ago)
|
CVE-2024-10324 |
Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
CVE-2024-0874 |
Description: A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
January 27th, 2025 (5 months ago)
|
Description: James Sherk and Noah Peters appear as the authors of memos sent by the Office of Personnel Management.
January 27th, 2025 (5 months ago)
|
Description: Malware writing is only one of the several malicious activities that adversaries can use the new, uncensored generative AI chatbot for.
January 27th, 2025 (5 months ago)
|
Description: One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.
January 27th, 2025 (5 months ago)
|