Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53712
WordPress Kevin's plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53711
WordPress Hotlink2Watermark plugin <= 0.3.2 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53710
WordPress ITERAS plugin <= 1.7.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53709
WordPress Generic Elements plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53708
WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53707
WordPress Ahmeti Wp Güzel Sözler plugin <= 4.0 - Cross Site Request Forgery (CSRF) vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53623
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
Description: Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on...
Description: A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53566
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a...
Description: An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)

CVE-2024-53564
An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute...
Description: An authenticated arbitrary file upload vulnerability in the component /module_admin/upload.php of freepbx v17.0.19.17 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 3rd, 2024 (6 months ago)