Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56050 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56049 |
Description: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56048 |
Description: Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.
CVSS: HIGH (8.8) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56047 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56016 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56010 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detector: from n/a through 4.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-56008 |
Description: Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-55997 |
WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability
Description: Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-55985 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2024-55984 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4.
CVSS: HIGH (8.5) EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|