Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-6318 — Wbolt Imgspider: The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2024-2385 — Livemeshelementor Addons_for_elementor: The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.4 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve CVSSv3.1 8.8 (HIGH)
CVE-2024-6172 — Icegram Email_subscribers_\&_newsletters: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress &
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries CVSSv3.1 9.8 (CRITICAL)
CVE-2024-5349 — La-studioweb Element_kit_for_elementor: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.8.1 via the 'map_style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH)
CVE-2024-6387 — Sonicwall Sma_6200_firmware: There is a race condition which can lead sshd to handle some signals in
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. CVSSv3.1 8.1 (HIGH) · EPSS 98th percentile
CVE-2024-2386 — WordPress: The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable
The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that ca CVSSv3.1 8.8 (HIGH)
CVE-2024-6265 — Ayecode Userswp: The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwp_sort_by’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing CVSSv3.1 9.8 (CRITICAL)
CVE-2024-37371 — Mit Kerberos_5: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. CVSSv3.1 9.1 (CRITICAL) · EPSS 86th percentile
CVE-2024-1107 — Talyabilisim Travel_apps: Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile
CVE-2024-5535 — Issue: In particular this issue could result in up to 255 bytes of arbitrary private
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only CVSSv3.1 9.1 (CRITICAL) · EPSS 90th percentile
CVE-2024-0949 — Authentication: Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile
CVE-2024-0947 — Reliance: on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens. This issue affects Elektraweb: before v17.0.68. CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile
CVE-2024-6054 — Auto-featured-image_project Auto-featured-image: The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2024-4228 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE -
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE - 522 - Insufficiently Protected Credentials vulnerability in Magarsus Consultancy SSO (Single Sign On) allows SQL Injection. This issue affects SSO (Single Sign On): from 1.0 before 1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 43th percentile
CVE-2024-6028 — Ays-pro Quiz_maker: The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the
The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-5431 — Themewinter Wpcafe: The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, potentially resulting in code execution CVSSv3.1 8.8 (HIGH)
CVE-2024-37228 — Instawp Instawp_connect: Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.38. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-5683 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion. This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile
CVE-2024-6027 — Themify Product_filter: The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL
The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the dat CVSSv3.1 9.8 (CRITICAL)
CVE-2024-5756 — Icegram Icegram_express: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress &
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries CVSSv3.1 9.8 (CRITICAL)
CVE-2024-5455 — Posimyth The_plus_addons_for_elementor: The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local
The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sens CVSSv3.1 8.8 (HIGH)
CVE-2024-5503 — Codevibrant Wp_blog_post_layouts: The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion
The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types ca CVSSv3.1 8.8 (HIGH)
CVE-2024-37626 — Totolink A6000r_firmware: A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to
A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile
CVE-2024-37676 — An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. CVSSv3.1 8.4 (HIGH) · EPSS 12th percentile
CVE-2024-4098 — Datenverwurstungszentrale Shariff_wrapper: The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and inc CVSSv3.1 9.8 (CRITICAL)