Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-45760 — Gvectors Wpdiscuz: Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security
Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.3. CVSSv3.1 8.8 (HIGH)
CVE-2023-45104 — Wpdeveloper Betterlinks: Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security
Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through <= 1.6.0. CVSSv3.1 8.8 (HIGH)
CVE-2024-56207 — Site: Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with
Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.This issue affects EditionGuard for WooCommerce – eBook Sales with DRM: from n/a through <= 3.4.2. CVSSv3.1 8.8 (HIGH)
CVE-2024-56206 — Site: Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in krishankakkar gap-hub-user-role gap-hub-user-role allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through <= 3.4.1. CVSSv3.1 8.8 (HIGH)
CVE-2024-56204 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through <= 1.25. CVSSv3.1 8.8 (HIGH)
CVE-2024-56203 — Site: Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This
Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)
CVE-2024-56066 — Authorization: Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency
Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through <= 1.0.23. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56061 — Authorization: Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through <= 3.8119. CVSSv3.1 8.8 (HIGH)
CVE-2024-56045 — Vibethemes Wordpress_learning_management_system: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-56044 — Vibethemes Wordpress_learning_management_system: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows
Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56043 — Vibethemes Wordpress_learning_management_system: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56040 — Incorrect: Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56205 — Incorrect: Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects AI Magic: from n/a through <= 1.0.4. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56071 — Incorrect: Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56067 — Authorization: Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control
Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through <= 2.3.3. CVSSv3.1 7.5 (HIGH) · EPSS 97th percentile
CVE-2024-56064 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows
Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-56046 — Vibethemes Wordpress_learning_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-56042 — Vibethemes Wordpress_learning_management_system: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-56041 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.5.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-56039 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-56220 — Incorrect: Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This
Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-56214 — Path: Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro userpro allows Path Traversal.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.3 (HIGH)
CVE-2024-56212 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.5 (HIGH)
CVE-2024-56211 — Authorization: Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <=
Missing Authorization vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.9. CVSSv3.1 8.8 (HIGH)
CVE-2024-56732 — Harfbuzz_project Harfbuzz: Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. CVSSv3.1 8.8 (HIGH) · EPSS 39th percentile