Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-50504 — Incorrect: Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1. CVSSv3.1 8.8 (HIGH)
CVE-2024-50503 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck User Toolkit user-toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through <= 1.2.3. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-9990 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH)
CVE-2024-9989 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. This is due to a limited arbitrary method call to 'crypto_connect_ajax_process::log_in' function in the 'crypto_connect_ajax_process' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-9988 — Odude Crypto_tool: The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax_process::register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-50550 — Litespeedtech Litespeed_cache: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1. CVSSv3.1 8.1 (HIGH)
CVE-2024-50490 — Authorization: Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by
Missing Authorization vulnerability in lowcage PegaPoll pegapoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through <= 1.0.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-50485 — Incorrect: Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-50481 — Incorrect: Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue
Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1. CVSSv3.1 8.8 (HIGH)
CVE-2024-50476 — Authorization: Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular spendino allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through <= 1.0.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-50475 — Authorization: Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects
Missing Authorization vulnerability in Scott Gamon Signup Page signup-page allows Privilege Escalation.This issue affects Signup Page: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-50473 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50427 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects
Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through <= 1.9.136. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-50420 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through <= 1.3. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50494 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through <= 1.2.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50493 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50484 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail
Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50482 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50480 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO
Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-50496 — Webandprint Ar: Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through <= 6.6. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50495 — Widgilabs Plugin_propagator: Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows
Unrestricted Upload of File with Dangerous Type vulnerability in nunomorgadinho Plugin Propagator wp-propagator allows Upload a Web Shell to a Web Server.This issue affects Plugin Propagator: from n/a through <= 0.1. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-50497 — Buynowdepot Advanced_online_ordering_and_delivery_platform: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through <= 2.0.0. CVSSv3.1 8.1 (HIGH)
CVE-2024-50491 — Micahblu Rsvp_me: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MicahBlu RSVP ME rsvp-me allows SQL Injection.This issue affects RSVP ME: from n/a through <= 1.9.9. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-50488 — Priyabratasarkar Token_login: Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login
Authentication Bypass Using an Alternate Path or Channel vulnerability in yespbs Token Login token-login allows Authentication Bypass.This issue affects Token Login: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH)
CVE-2024-50483 — Tareqhasan Meetup: Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This
Authorization Bypass Through User-Controlled Key vulnerability in Tareq Hasan Meetup meetup allows Privilege Escalation.This issue affects Meetup: from n/a through <= 0.1. CVSSv3.1 9.8 (CRITICAL)