CVE-2024-13184 |
Description: The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.06%
January 19th, 2025 (6 months ago)
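What "lack of sufficient preparation on the existing SQL query" means in practice, as an added illustration of the defect class and its fix. This is not the WP Extended plugin's code: the table name, function names and the probe value are assumptions constructed for the example.

```php
<?php
// Added example (not the WP Extended plugin's code). Table and function names
// are hypothetical; the point is the unprepared query versus $wpdb->prepare().

// Vulnerable: a user-controlled value is interpolated straight into SQL.
function demo_login_attempts_vulnerable( $username ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_login_attempts';
    // No quoting escape and no placeholder binding. A constructed probe such as
    //   x' OR SLEEP(5)-- -
    // closes the string literal and is executed by MySQL; the attacker never
    // sees the count, but a delayed response tells them the injection worked
    // (time-based blind SQLi), and the same position can then be used to
    // extract data one condition at a time.
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$table} WHERE username = '{$username}'"
    );
}

// Fixed: the value is bound through a placeholder and can only ever be a
// string literal, whatever characters it contains.
function demo_login_attempts_fixed( $username ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_login_attempts';
    $sql   = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table} WHERE username = %s",
        $username
    );
    return (int) $wpdb->get_var( $sql );
}

// Note: esc_sql() on its own is not a fix. It only escapes quote characters,
// so a value used in an unquoted numeric position (WHERE id = $id) stays
// injectable. Bind every value with prepare() and keep only trusted,
// code-controlled parts (here the $wpdb->prefix table name) interpolated.
```

Placeholders (`%s`, `%d`, `%f`) bind values only; identifiers such as table and column names must come from code, not from the request. Reaching such a query unauthenticated is what lifts this from a medium to a high-severity finding: a login-attempt tracker runs before any credentials are checked, so the probe needs no account.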
|
CVE-2024-12696 |
Description: The Picture Gallery – Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 19th, 2025 (6 months ago)
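Why a contributor can reach stored XSS through a shortcode even without the `unfiltered_html` capability, as an added illustration. This is not the Picture Gallery plugin's code: the shortcode tag, attribute names and default values are assumptions.

```php
<?php
// Added example (not the Picture Gallery plugin's code). The shortcode tag
// and attributes are hypothetical; the point is escaping per output context.

// Vulnerable: shortcode attributes are trusted and echoed as-is. A contributor
// cannot save raw <script> in post content, but can save
//   [demo_gallery title='" onmouseover="alert(document.cookie)']
// and the handler writes that value into an HTML attribute for every viewer,
// including administrators who open the page.
function demo_gallery_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => 'Gallery', 'cols' => 3 ),
        $atts,
        'demo_gallery'
    );
    return '<div class="demo-gallery" title="' . $atts['title'] . '"'
         . ' data-cols="' . $atts['cols'] . '">'
         . $atts['title'] . '</div>';
}

// Fixed: normalize on input, then escape for the exact context of each sink.
function demo_gallery_shortcode_fixed( $atts ) {
    $atts  = shortcode_atts(
        array( 'title' => 'Gallery', 'cols' => 3 ),
        $atts,
        'demo_gallery'
    );
    $cols  = absint( $atts['cols'] );               // integer context
    $title = sanitize_text_field( $atts['title'] ); // strips tags and newlines
    return '<div class="demo-gallery" title="' . esc_attr( $title ) . '"'
         . ' data-cols="' . $cols . '">'
         . esc_html( $title ) . '</div>';            // text-node context
}
add_shortcode( 'demo_gallery', 'demo_gallery_shortcode_fixed' );
```

Sanitizing on input is not enough on its own; `esc_attr()` and `esc_html()` are what close the attribute and text-node contexts respectively, and a value placed in a URL or inline JavaScript context would need `esc_url()` or `esc_js()` instead. The practical check for any shortcode handler is to trace every `$atts[...]` to its sink and confirm the escaping function matches that sink.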
|
CVE-2024-12385 |
Description: The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
January 19th, 2025 (6 months ago)
|
CVE-2024-12071 |
Description: The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 19th, 2025 (6 months ago)
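The two preceding entries describe the two checks a WordPress request handler needs and what happens when each is missing: a nonce (proof that the logged-in user intended this request, which defeats CSRF as in CVE-2024-12385) and a capability check (proof that the user is authorized, which defeats the missing-authorization deletion in CVE-2024-12071). One added example covers both. It is not code from either plugin; the AJAX action names, function names and request parameters are assumptions.

```php
<?php
// Added example (not WP Abstracts or Evergreen Content Poster code). Action
// and function names are hypothetical; the point is the two missing checks.

// Vulnerable: registered for logged-out users too (wp_ajax_nopriv_), with no
// nonce and no capability check. A plain GET to
//   /wp-admin/admin-ajax.php?action=demo_delete_post&post_id=123
// deletes post 123 with no account at all; with a nonce but no capability
// check, any subscriber could do it; with a capability check but no nonce, an
// administrator tricked into loading a forged request would do it for them.
function demo_delete_post_vulnerable() {
    $post_id = isset( $_REQUEST['post_id'] ) ? (int) $_REQUEST['post_id'] : 0;
    wp_delete_post( $post_id, true );
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
add_action( 'wp_ajax_demo_delete_post', 'demo_delete_post_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_delete_post', 'demo_delete_post_vulnerable' );

// Fixed: logged-in only, nonce bound to this action, object-level capability.
function demo_delete_post_fixed() {
    // Dies with a 403 unless $_REQUEST['_wpnonce'] is a valid nonce made by
    // wp_create_nonce( 'demo_delete_post' ) for the current user/session.
    check_ajax_referer( 'demo_delete_post', '_wpnonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    // Meta capability: map_meta_cap resolves delete_post for this specific
    // post, so authors may delete their own posts but not other people's.
    if ( ! $post_id || ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    wp_delete_post( $post_id, true );
    wp_send_json_success( array( 'deleted' => $post_id ) );
}
add_action( 'wp_ajax_demo_delete_post_safe', 'demo_delete_post_fixed' );
// Deliberately no wp_ajax_nopriv_ registration: unauthenticated requests get
// WordPress's default "0" response instead of a handler.

// The legitimate caller obtains the nonce server-side, for example via
// wp_localize_script( 'demo-admin', 'demoAjax', array(
//     'nonce' => wp_create_nonce( 'demo_delete_post' ),
// ) );
// and sends it as _wpnonce in the POST body.
```

The two checks are not interchangeable. A nonce proves the request came from a page the user actually loaded, but says nothing about whether that user may perform the action; a capability check says the user may perform the action, but not that they meant to send this particular request. Any handler that changes state needs both, and an `is_admin()` test is neither: it only reports that the request targets an admin-side URL such as admin-ajax.php, which logged-out users can reach.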
|
Description: Earlier this week, Ubisoft released Assassin's Creed Valhalla and Assassin's Creed Origins patches to fix Windows 11 24H2 compatibility issues that caused crashes, freezes, and audio problems. [...]
January 18th, 2025 (6 months ago)
|
Description: The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers' precise geolocation and driving behavior data without first obtaining their consent. [...]
January 18th, 2025 (6 months ago)
|
Description: crocs Claims to be Selling the Data of SEAG
January 18th, 2025 (6 months ago)
|
Description: A Threat Actor Claims to be Selling Chinese Citizens' Passport Data
January 18th, 2025 (6 months ago)
|
Description: That’s my secret Captain…I’m always traumatized.
January 18th, 2025 (6 months ago)
|
Description: In July 2024, a threat actor gained access to the hotel management platform Otelier and retrieved customer data from well-known hotel brands including Marriott, Hilton, and Hyatt. The data included 437k customer email addresses (a further 868k generated email addresses from the booking.com and Expedia platforms were not loaded into HIBP), names, physical addresses, phone numbers, booking information related to travel plans, purchases recorded by the platform and in a small number of cases, partial credit card data. The data was provided to HIBP by a source who requested it be attributed to "[email protected]".
January 18th, 2025 (6 months ago)
|