Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11768 |
Description: The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 20th, 2024 (4 months ago)
|
|
CVE-2024-11740 |
Description: The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
December 20th, 2024 (4 months ago)
|
|
CVE-2024-56059 |
Description: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56058 |
Description: Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56057 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56055 |
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56054 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56053 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: HIGH (7.6) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56052 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56051 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|