Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-49612 — Infotuts Sw_contact_form: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanjeev SW Contact Form sw-contact-form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-49609 — Brandonwhite Author_discussion: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brandon White Author Discussion author-discussion allows Blind SQL Injection.This issue affects Author Discussion: from n/a through <= 0.2.2. CVSSv3.1 8.5 (HIGH)
CVE-2024-47325 — Themeisle Multiple_page_generator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7. CVSSv3.1 8.5 (HIGH)
CVE-2024-49625 — Brandonclark Sitebuilder_dynamic_components: Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Inje
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 75th percentile
CVE-2024-49624 — Smartdevth Advanced_advertising_system: Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.T
Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49623 — Hasanmovahed Duplicate_title_validate: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-49622 — Apa Apa_banner_slider: Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari Apa Banner Slider apa-banner-slider allows SQL Injection.This
Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari Apa Banner Slider apa-banner-slider allows SQL Injection.This issue affects Apa Banner Slider: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)
CVE-2024-49621 — Apa Apa_register_newsletter_form: Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari APA Register Newsletter Form apa-register-newsletter-form allows SQL
Cross-Site Request Forgery (CSRF) vulnerability in aatmaadhikari APA Register Newsletter Form apa-register-newsletter-form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through <= 1.0.0. CVSSv3.1 8.2 (HIGH)
CVE-2024-49610 — Jackzhu Photokit: Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload
Unrestricted Upload of File with Dangerous Type vulnerability in photokiteditor photokit photokit allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49608 — Gerryntabuhashe Gerryworks_post_by_mail: Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This
Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. CVSSv3.1 8.8 (HIGH)
CVE-2024-49607 — Redwanhilali Wp_dropbox_dropins: Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins
Unrestricted Upload of File with Dangerous Type vulnerability in redhopit WP Dropbox Dropins wp-dropbox-dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49332 — Giveawayboost Giveaway_boost: Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through <= 2.1.4. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49331 — Myriadsolutionz Property_lot_management_system: Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through <= 4.2.38. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49330 — Brx8r Nice_backgrounds: Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49329 — Vivektamrakar Wp_rest_api_fns: Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS
Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49327 — Asepbagjapriandana Woostagram_connect: Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows
Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49326 — Vasiliskerasiotis Affiliator: Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows
Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49324 — Sovratec Sovratec_case_management: Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management
Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49626 — Piyushmca Shipyaari_shipping_management: Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object
Deserialization of Untrusted Data vulnerability in Piyush Patel Shipyaari Shipping Management shipyaari-shipping-managment allows Object Injection.This issue affects Shipyaari Shipping Management: from n/a through <= 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile
CVE-2024-49611 — Paxman Product_website_showcase: Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase
Unrestricted Upload of File with Dangerous Type vulnerability in paxmanpwnz Product Website Showcase product-websites-showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49604 — Najeebmedia Simple_user_registration: Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration
Authentication Bypass Using an Alternate Path or Channel vulnerability in N-Media Simple User Registration wp-registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through <= 6.7. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49328 — Vivektamrakar Wp_rest_api_fns: Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API
Authentication Bypass Using an Alternate Path or Channel vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through <= 1.0.0. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49286 — Moridrin Ssv_events: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jeroen Berkvens SSV Events ssv-events allows PHP Local File Inclusion.This issue affects SSV Events: from n/a through <= 3.2.7. CVSSv3.1 9.6 (CRITICAL)
CVE-2024-49322 — Incorrect: Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege
Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile
CVE-2024-49318 — Deserialization: of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0. CVSSv3.1 9.8 (CRITICAL)