CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-56280	WordPress WPGuppy plugin <= 1.1.0 - Privilege Escalation vulnerability Description: Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation.This issue affects WPGuppy: from n/a through 1.1.0. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56279	WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through 1.9.14. CVSS: MEDIUM (6.4) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56278	WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through 2.9.1. CVSS: CRITICAL (9.1) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56276	WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56275	WordPress Envato Elements plugin <= 2.0.14 - Server Side Request Forgery (SSRF) vulnerability Description: Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. CVSS: MEDIUM (4.1) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56274	WordPress Astra Widgets plugin <= 1.2.15 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.15. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56273	WordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56272	WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56271	WordPress WP SecureSubmit plugin <= 1.5.16 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16. CVSS: MEDIUM (4.3) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)
CVE-2024-56270	WordPress WP SecureSubmit plugin <= 1.5.16 - Sensitive Data Exposure vulnerability Description: Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE January 8th, 2025 (6 months ago)