Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-5577 — Where: The Where I Was, Where I Will Be plugin for WordPress is vulnerable to
The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. This requires allow_url CVSSv3.1 9.8 (CRITICAL)
CVE-2024-4404 — Wpmet Elementskit: The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions
The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSSv3.1 8.5 (HIGH)
CVE-2024-4936 — Canto Canto: The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-4371 — Codexpert Codesigner: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme ins CVSSv3.1 9.0 (CRITICAL)
CVE-2024-3922 — Dokan Dokan: The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code'
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-4898 — Instawp Instawp_connect: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-4845 — Icegram Icegram_express: The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’
The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive informatio CVSSv3.1 8.8 (HIGH)
CVE-2024-5543 — Slideshow: The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive informat CVSSv3.1 8.1 (HIGH)
CVE-2024-30103 — Microsoft 365_apps: Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability CVSSv3.1 8.8 (HIGH) · EPSS 95th percentile
CVE-2024-3549 — Adenion Blog2social: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used t CVSSv3.1 9.9 (CRITICAL) · EPSS 70th percentile
CVE-2023-7264 — Buildapp Build_app_online: The Build App Online plugin for WordPress is vulnerable to account takeover due to
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code. CVSSv3.1 8.1 (HIGH) · EPSS 83th percentile
CVE-2024-3668 — Ideabox Powerpack_addons_for_elementor: The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in
The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. CVSSv3.1 8.8 (HIGH) · EPSS 40th percentile
CVE-2024-3592 — Expresstech Quiz_and_survey_master: The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing quer CVSSv3.1 9.9 (CRITICAL) · EPSS 68th percentile
CVE-2024-3166 — Mintplexlabs Anythingllm_desktop: A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version
A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, CVSSv3.1 9.6 (CRITICAL) · EPSS 57th percentile
CVE-2024-5329 — Unlimited-elements Unlimited_elements_for_elementor: The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile
CVE-2024-5153 — Web-shop-host Startklar_elmentor_addons: The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzone_hash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can contain sensitive information, and to delete arbitrary directories, including the root WordPress directory. CVSSv3.1 9.1 (CRITICAL) · EPSS 90th percentile
CVE-2024-5324 — Xootix Login\/signup_popup: Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator. CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
CVE-2024-5179 — Codeless Cowidgets_elementor_addons: The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in c CVSSv3.1 8.8 (HIGH) · EPSS 63th percentile
CVE-2023-6968 — Themoneytizer The_moneytizer: The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions via a forged request granted they can trick a site administrator CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile
CVE-2023-6966 — Themoneytizer The_moneytizer: The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lowe CVSSv3.1 8.1 (HIGH) · EPSS 65th percentile
CVE-2024-4743 — Lifterlms Lifterlms: The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile
CVE-2024-4295 — Icegram Email_subscribers_\&_newsletters: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in all versions up to, and including, 5.7.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-35700 — Userproplugin Userpro: Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through
Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-33568 — Bdthemes Element_pack: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BdThemes
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BdThemes Element Pack Pro bdthemes-element-pack.This issue affects Element Pack Pro: from n/a through < 7.19.3. CVSSv3.1 8.5 (HIGH)
CVE-2024-4552 — Social: The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass
The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 45th percentile