Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-53814
WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-53798
WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability
Description: Missing Authorization vulnerability in BAKKBONE Australia FloristPress.This issue affects FloristPress: from n/a through 7.3.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-53791
WordPress Lenxel Core plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS allows Stored XSS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-53790
WordPress Lenxel Core plugin <= 1.2.5 - Local File Inclusion vulnerability
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-53785
WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-52480
WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-52391
WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability
Description: Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-52385
WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-43222
WordPress Sweet Date - More than a Wordpress Dating Theme theme <= 3.7.3 - Privilege Escalation vulnerability
Description: Missing Authorization vulnerability in Envato Security Team Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
December 10th, 2024 (5 months ago)

CVE-2024-12257
CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
Description: The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
December 10th, 2024 (5 months ago)