Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2023-23814
WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.

CVSS: LOW (3.8)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-23726
WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.1.0 - CSRF Leading To Post Status Change Vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-23725
WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-23716
WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-23715
WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability
Description: Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.

CVSS: MEDIUM (5.2)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-22708
WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2023-22701
WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability
Description: Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (4 months ago)

CVE-2024-12209
WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
Description: The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: CRITICAL (9.8)

EPSS Score: 2.91%

Source: CVE
December 9th, 2024 (4 months ago)

CVE-2024-12270
Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection
Description: The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.09%

Source: CVE
December 8th, 2024 (4 months ago)

CVE-2024-12253
Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Upd...
Description: The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
December 8th, 2024 (4 months ago)