CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-11282 |
Description: The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-10866 |
Description: The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-10562 |
Description: The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-10536 |
Description: The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-10527 |
Description: The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-10102 |
Description: The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
Description: A Threat Actor Claims to be Selling a WordPress Exploit Tool
January 7th, 2025 (6 months ago)
|
|
|
Description: The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
January 7th, 2025 (6 months ago)
|
|
CVE-2024-8066 |
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 7th, 2025 (6 months ago)
|
|
CVE-2024-12311 |
Description: The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
EPSS Score: 0.04%
January 7th, 2025 (6 months ago)
|