Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-54363 — Incorrect: Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54361 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tenteeglobal Instant Appointment instant-appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through <= 1.2. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-54359 — Authorization: Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured
Missing Authorization vulnerability in Saul Morales Pacheco Banner System banner-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)
CVE-2024-54352 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2. CVSSv3.1 8.8 (HIGH)
CVE-2024-54336 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows
Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia projectopia-core allows Authentication Bypass.This issue affects Projectopia: from n/a through <= 5.1.7. CVSSv3.1 8.8 (HIGH)
CVE-2024-54304 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support hive-support allows SQL Injection.This issue affects Hive Support: from n/a through <= 1.1.2. CVSSv3.1 8.5 (HIGH)
CVE-2024-54297 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows
Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54296 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS
Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through <= 1.4.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54295 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54294 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP
Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through <= 1.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54293 — Incorrect: Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects
Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54292 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appsplate Appsplate appsplate allows SQL Injection.This issue affects Appsplate: from n/a through <= 2.1.3. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-54273 — Deserialization: of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue affects Mail Picker: from n/a through <= 1.0.14. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54262 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce
Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through <= 1.6.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-54261 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM virtual-hdm-for-taxservice-am allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through <= 1.2.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-54258 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzar Ahmed Ni CRM Lead ni-crm-lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-54248 — Site: Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This
Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through <= 1.8.2.4. CVSSv3.1 8.8 (HIGH)
CVE-2024-54239 — Authorization: Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects
Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.18. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-54234 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5. CVSSv3.1 9.3 (CRITICAL)
CVE-2023-41695 — Analytify Analytify_-_google_analytics_dashboard: Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security
Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.1.0. CVSSv3.1 8.8 (HIGH)
CVE-2023-41130 — Authorization: Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access
Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.12. CVSSv3.1 8.1 (HIGH) · EPSS 40th percentile
CVE-2023-40334 — Pluginus Husky_-_products_filter_professional_for_woocommerce: Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Config
Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2. CVSSv3.1 8.8 (HIGH)
CVE-2023-40005 — Awesomemotive Easy_digital_downloads: Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured
Missing Authorization vulnerability in Syed Balkhi Easy Digital Downloads easy-digital-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through <= 3.1.5. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-40003 — Wedevs Wp_project_manager: Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access
Missing Authorization vulnerability in weDevs WP Project Manager wedevs-project-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through <= 2.6.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2023-38385 — Artbees Jupiter_x_core: Missing Authorization vulnerability in artbees JupiterX Core jupiterx-core allows Exploiting Incorrectly Configured Access Control
Missing Authorization vulnerability in artbees JupiterX Core jupiterx-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from n/a through 3.0.0-3.3.0. CVSSv3.1 8.3 (HIGH)