Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-23668 — Fortinet Fortiwebmanager: An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager
An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI. CVSSv3.1 8.8 (HIGH) · EPSS 47th percentile
CVE-2024-5348 — Elements: The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of the marquee widget, the 'postgrid_layout' attribute of the postgrid widget, the 'woocart_layout' attribute of the woocart widget, and the 'woogrid_layout' attribute of the woogrid w CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile
CVE-2024-3820 — WordPress: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries CVSSv3.1 10.0 (CRITICAL) · EPSS 84th percentile
CVE-2024-3200 — Gvectors Wpforo_forum: The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug'
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive CVSSv3.1 9.9 (CRITICAL) · EPSS 77th percentile
CVE-2024-3564 — Vanderwijk Content_blocks: The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code executio CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile
CVE-2024-5345 — Responsive: The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
v1.2.0
NetExec v1.2.0 release includes 100+ commits with significant enhancements to LDAP enumeration, credential dumping (Google Refresh Tokens, SCCM, VNC, mRemoteNG, mobaxterm), WinRM/MSSQL protocol improvements, PowerShell execution fixes, and new modules for ADCS enumeration, PuTTY credential extraction, and printer bug exploitation. Notable fixes address SMB/LDAP user lookups, BloodHound integration, and cross-platform compatibility.
CVE-2024-1100 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection. This issue affects DIGIKENT GIS: through 2.23.5. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile
CVE-2024-5326 — Post: The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new u CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
Volatility 3 2.7.0
Volatility 3 2.7.0 released with new plugins for Windows IAT, TrueCrypt, and Linux library enumeration; improvements to driver IRP analysis, thread scanning, and kernel message parsing; and Python 3.12 support.
CVE-2024-3412 — STAGING: The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.1 (CRITICAL) · EPSS 93th percentile
CVE-2024-4611 — Apppresser Apppresser: The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they previously used the login via the plugin API. This can only be exploited if the 'openssl' php extension is not loaded on the server. CVSSv3.1 8.1 (HIGH) · EPSS 83th percentile
CVE-2023-6743 — Unlimited-elements Unlimited_elements_for_elementor: The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile
CVE-2024-5204 — Swiss: The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and above permissions to log in as any existing user on the site, such as an administrator. CVSSv3.1 8.8 (HIGH) · EPSS 33th percentile
CVE-2024-5150 — Login: The Login with phone number plugin for WordPress is vulnerable to authentication bypass in
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but the CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
CVE-2024-35563 — CDG: CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions. CVSSv3.1 9.8 (CRITICAL) · EPSS 38th percentile
CVE-2024-35399 — Totolink Cp900l_firmware: CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile
CVE-2024-35398 — Totolink Cp900l_firmware: CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2024-35397 — Totolink Cp900l_firmware: CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost
TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2024-35396 — Totolink Cp900l_firmware: CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. CVSSv3.1 9.8 (CRITICAL) · EPSS 42th percentile
CVE-2024-35395 — Totolink Cp900l_firmware: CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2024-0867 — Email: The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all
The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement. CVSSv3.1 8.1 (HIGH) · EPSS 80th percentile
CVE-2024-4544 — Pie: The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable
The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 34th percentile
CVE-2024-5085 — Hashthemes Hash_form: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete CVSSv3.1 8.1 (HIGH) · EPSS 89th percentile
CVE-2024-5084 — Hashthemes Hash_form: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile