Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-5605 — Davidlingren Media_library_assistant: The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that c CVSSv3.1 8.8 (HIGH)
CVE-2024-5432 — Webinane Lifeline_donation: The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up
The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-3605 — Thimpress Wp_hotel_booking: The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive inf CVSSv3.1 10.0 (CRITICAL)
CVE-2024-3562 — Custom_field_suite_project Custom_field_suite: The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server. CVSSv3.1 8.8 (HIGH)
CVE-2024-3561 — Custom_field_suite_project Custom_field_suite: The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the
The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information CVSSv3.1 8.8 (HIGH)
CVE-2024-38612 — Linux Linux_kernel: This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support")
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced un CVSSv3.1 9.8 (CRITICAL) · EPSS 37th percentile
CVE-2024-6132 — Pexels: The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads
The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2024-5853 — Sirv Sirv: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-5343 — Photo: The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing a CVSSv3.1 8.8 (HIGH)
CVE-2024-3229 — Salonbookingsystem Salon_booking_system: The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-5724 — Webhuntinfotech Photo_video_gallery_master: The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it CVSSv3.1 8.8 (HIGH)
CVE-2024-5021 — WordPress: The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to
The WordPress Picture / Portfolio / Media Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.1 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSSv3.1 9.3 (CRITICAL)
CVE-2024-2381 — Ali2woo Aliexpress_dropshipping_with_alinext: The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2024-6125 — Login: The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code. CVSSv3.1 8.1 (HIGH)
CVE-2024-37821 — Dolibarr Dolibarr_erp\/crm: An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. CVSSv3.1 8.8 (HIGH) · EPSS 51th percentile
CVE-2023-37058 — Unionman Jlink_ax1800_firmware: Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2023-37057 — JLINK: Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. CVSSv3.1 9.8 (CRITICAL) · EPSS 56th percentile
CVE-2024-36543 — Incorrect: access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile
CVE-2024-4258 — Yotuwp Video_gallery: The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and oth CVSSv3.1 9.8 (CRITICAL)
CVE-2024-3105 — Woody: The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress
The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. CVSSv3.1 9.9 (CRITICAL)
CVE-2024-5871 — Wpwebelite Woocommerce_social_login: The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to d CVSSv3.1 9.8 (CRITICAL)
CVE-2024-3813 — Tagdiv Tagdiv_composer: The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all
The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code exe CVSSv3.1 8.8 (HIGH)
CVE-2023-6696 — Sygnoos Popup_builder: plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side CVSSv3.1 8.1 (HIGH)
CVE-2024-2024 — Folders: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH)
CVE-2024-2472 — Latepoint Latepoint: The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPr CVSSv3.1 9.1 (CRITICAL)