CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-12212

Description: The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-12042

Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload HTML files with arbitrary web scripts that will execute whenever a user accesses the file.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11986

Description: Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.

CVSS: CRITICAL (9.6)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11911

Description: The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11910

Description: The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.07%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11839

Description: Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11838

Description: External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11837

Description: Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11836

Description: Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)

CVE-2024-11835

Description: Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS. This issue affects PlexTrac: from 1.61.3 before 2.8.1.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
December 14th, 2024 (7 months ago)