CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11452 |
Description: The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 17th, 2025 (6 months ago)
|
|
CVE-2024-10970 |
Description: The The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 17th, 2025 (6 months ago)
|
|
CVE-2024-10789 |
Description: The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 17th, 2025 (6 months ago)
|
|
CVE-2024-52594 |
Description: Impact
Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.
Patches
c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue.
Workarounds
Use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access.
References
N/A
References
https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822
https://nvd.nist.gov/vuln/detail/CVE-2024-52594
https://github.com/matrix-org/gomatrixserverlib/commit/c4f1e01eab0dd435709ad15463ed38a079ad6128
https://github.com/advisories/GHSA-4ff6-858j-r822
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
CVE-2025-20621 |
Description: Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-20621
https://mattermost.com/security-updates
https://github.com/advisories/GHSA-w6xh-c82w-h997
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 17th, 2025 (6 months ago)
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
January 17th, 2025 (6 months ago)
|
|
|
Description: Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...]
January 16th, 2025 (6 months ago)
|
|
|
January 16th, 2025 (6 months ago)
|
|
|
January 16th, 2025 (6 months ago)
|
|
|
January 16th, 2025 (6 months ago)
|