Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-10708 |
Description: The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-6947 |
Description: The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure.
CVSS: HIGH (7.7) EPSS Score: 0.05%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-49848 |
Description: Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-49832 |
Description: Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.10.2.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-49831 |
Description: Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-49818 |
Description: Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-48750 |
Description: Missing Authorization vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.1.10.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-48286 |
Description: Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through 2.0.79.
CVSS: HIGH (8.2) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-47847 |
Description: Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-9651 |
Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|