Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-49314 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program
Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2. CVSSv3.1 10.0 (CRITICAL) · EPSS 50th percentile
CVE-2024-49305 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through <= 2.8.10. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-49297 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows SQL Injection.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.7.9.7. CVSSv3.1 8.5 (HIGH)
CVE-2024-49291 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro cooked-pro.This issue affects Cooked Pro: from n/a through < 1.8.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49246 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login ajax-rating-with-custom-login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through <= 1.1. CVSSv3.1 9.3 (CRITICAL) · EPSS 32th percentile
CVE-2024-49244 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vrinsoft CSV Product Import Export for WooCommerce csv-wc-product-import-export.This issue affects CSV Product Import Export for WooCommerce: from n/a through <= 1.0.0. CVSSv3.1 8.5 (HIGH) · EPSS 32th percentile
CVE-2024-49219 — Themexpo Rs-members: Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members
Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2024-49217 — Madirisalmanaashish Adding_drop_down_roles_in_registration: Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-i
Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2024-47312 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Grim Classic Editor and Classic Widgets classic-editor-and-classic-widgets allows SQL Injection.This issue affects Classic Editor and Classic Widgets: from n/a through <= 1.4.1. CVSSv3.1 8.5 (HIGH)
CVE-2024-47304 — Wpmanageninja Fluent_support: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Fluent Support fluent-support allows SQL Injection.This issue affects Fluent Support: from n/a through <= 1.8.0. CVSSv3.1 8.5 (HIGH)
CVE-2024-49315 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CodeFlock FREE DOWNLOAD MANAGER free-download-manager allows Path Traversal.This issue affects FREE DOWNLOAD MANAGER: from n/a through <= 1.0.0. CVSSv3.1 8.6 (HIGH) · EPSS 40th percentile
CVE-2024-9863 — Miniorange: The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-49260 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin –
Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-49254 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows
Improper Control of Generation of Code ('Code Injection') vulnerability in sunjianle ajax-extend ajax-extend allows Code Injection.This issue affects ajax-extend: from n/a through <= 1.0. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-49253 — Relative: Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue
Relative Path Traversal vulnerability in JamesPark.ninja Analyse Uploads analyse-uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through <= 0.5. CVSSv3.1 8.6 (HIGH) · EPSS 53th percentile
CVE-2024-49242 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5. CVSSv3.1 10.0 (CRITICAL) · EPSS 44th percentile
CVE-2024-49227 — Deserialization: of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object
Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile
CVE-2024-49226 — Deserialization: of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object
Deserialization of Untrusted Data vulnerability in taketin TAKETIN To WP Membership taketin-to-wp-membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through <= 2.8.17. CVSSv3.1 8.8 (HIGH) · EPSS 40th percentile
CVE-2024-49218 — Deserialization: of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 36th percentile
CVE-2024-49216 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number
Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through <= 0.2.1. CVSSv3.1 10.0 (CRITICAL) · EPSS 44th percentile
CVE-2024-48035 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And
Unrestricted Upload of File with Dangerous Type vulnerability in takayukii ACF Images Search And Insert acf-images-search-and-insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through <= 1.1.4. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-48034 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF
Unrestricted Upload of File with Dangerous Type vulnerability in fliperrr Creates 3D Flipbook, PDF Flipbook create-flipbook-from-pdf allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through <= 1.2. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-48030 — Deserialization: of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-48028 — Deserialization: of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-48027 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from
Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing external-featured-image-from-bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through <= 1.0.2. CVSSv3.1 9.9 (CRITICAL)