Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-51843 — Olland Horsemanager: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fruitcakestudios Horsemanager fruitcake-horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through <= 1.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-51837 — Andsonsdesign Wp-contest: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection.This issue affects WP Contest: from n/a through <= 1.0.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-51820 — Lsquared L_squared_hub: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wplsquared L Squared Hub WP l-squared-hub-wp-virtual-device allows SQL Injection.This issue affects L Squared Hub WP: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-51793 — Webfulcreations Computer_repair_shop: Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows
Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server.This issue affects RepairBuddy: from n/a through <= 3.8115. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51792 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record
Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51791 — Upload: Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through <= 2.8.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51790 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY
Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through <= 3.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51789 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows
Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51788 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through <= 4.3.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-51608 — Pluginhandy Amadiscount: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in colinph970 AmaDiscount amadiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-51606 — Blrt Blrt_wp_embed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed blrt-wp-embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through <= 1.6.9. CVSSv3.1 8.5 (HIGH)
CVE-2024-51623 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mehral WP EIS wp-eis allows SQL Injection.This issue affects WP EIS: from n/a through <= 1.3.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-50544 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. CVSSv3.1 8.5 (HIGH)
CVE-2024-50539 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in lodgix Lodgix.com Vacation Rental Website Builder lodgixcom-vacation-rental-listing-management-booking-plugin allows SQL Injection.This issue affects Lodgix.com Vacation Rental Website Builder: from n/a through <= 3.9.73. CVSSv3.1 8.5 (HIGH)
CVE-2024-50524 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through < 2024.10.21. CVSSv3.1 8.5 (HIGH)
CVE-2024-51625 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in edckwt Quran Shortcode quran-shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through <= 1.5. CVSSv3.1 8.5 (HIGH)
CVE-2024-51621 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reza19 Download-Mirror-Counter wp-download-mirror-counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through <= 1.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-51620 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in porsline Porsline porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through <= 1.0.2. CVSSv3.1 8.5 (HIGH)
CVE-2024-51619 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in market360 Market 360 Viewer market-360-viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through <= 1.01. CVSSv3.1 8.5 (HIGH)
CVE-2024-51607 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in percent20 Golf Tracker golf-tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through <= 0.7. CVSSv3.1 8.5 (HIGH)
CVE-2024-51602 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in oleksandr87 Simple Job Manager simple-job-manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through <= 1.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-51601 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator price-calculator-to-your-website allows SQL Injection.This issue affects Website price calculator: from n/a through <= 4.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-51579 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team: Tobias 5 Stars Rating Funnel 5-stars-rating-funnel.This issue affects 5 Stars Rating Funnel: from n/a through <= 1.4.01. CVSSv3.1 8.5 (HIGH)
CVE-2024-51570 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in odihost Easy Gallery simple-gallery-odihost allows SQL Injection.This issue affects Easy Gallery: from n/a through <= 1.4. CVSSv3.1 8.5 (HIGH)
CVE-2024-10586 — Debug: The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue. CVSSv3.1 9.8 (CRITICAL)