Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-4471 — Widgets: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could all CVSSv3.1 8.0 (HIGH) · EPSS 66th percentile
CVE-2024-4779 — Unlimited-elements Unlimited_elements_for_elementor: The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing qu CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile
CVE-2024-4662 — Oxygen: The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all
The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to inject arbitrary PHP code via the WordPress user interface and gain elevated privileges. CVSSv3.1 8.8 (HIGH) · EPSS 92th percentile
CVE-2024-5031 — Caseproof Memberpress: The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSSv3.1 8.5 (HIGH) · EPSS 66th percentile
CVE-2024-3495 — Country: The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-5147 — Wpzoom Wpzoom_elementor_addons: The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local
The WPZOOM Addons for Elementor (Templates, Widgets) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'grid_style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “saf CVSSv3.1 9.8 (CRITICAL) · EPSS 73th percentile
CVE-2024-2088 — Nextscripts Social_networks_auto_poster: The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and secrets. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile
CVE-2024-4443 — Businessdirectoryplugin Business_directory: The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is
The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘listingfields’ parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract s CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-3518 — Davidlingren Media_library_assistant: The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from CVSSv3.1 8.8 (HIGH) · EPSS 78th percentile
CVE-2024-4442 — Salonbookingsystem Salon_booking_system: The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in
The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This was partially patched in 9.9, and sufficiently patched in 10.0. C CVSSv3.1 9.1 (CRITICAL) · EPSS 97th percentile
CVE-2024-35960 — Linux Linux_kernel: These two behaviors can result in a situation where create_flow_handle 1) creates a new
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and referen CVSSv3.1 9.1 (CRITICAL) · EPSS 83th percentile
CVE-2024-35955 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile
CVE-2024-2771 — Fluentforms Contact_form: The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes CVSSv3.1 9.8 (CRITICAL) · EPSS 96th percentile
CVE-2024-3810 — Salient: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases w CVSSv3.1 8.8 (HIGH) · EPSS 64th percentile
CVE-2024-35845 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. CVSSv3.1 9.1 (CRITICAL) · EPSS 50th percentile
CVE-2024-32959 — Sirv Sirv: Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects
Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. CVSSv3.1 8.8 (HIGH)
CVE-2024-32523 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6. CVSSv3.1 8.1 (HIGH)
CVE-2024-32507 — Incorrect: Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16. CVSSv3.1 8.8 (HIGH)
CVE-2024-27971 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10. CVSSv3.1 8.3 (HIGH)
CVE-2024-24882 — Themegrill Masteriyo: Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo -
Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2024-22145 — Instawp Instawp_connect: Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. CVSSv3.1 8.8 (HIGH)
CVE-2024-3551 — Penci: The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion
The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploade CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile
CVE-2024-4352 — Themeum Tutor_lms: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-leve CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile
CVE-2024-4351 — Themeum Tutor_lms: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2024-4223 — Themeum Tutor_lms: The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. CVSSv3.1 9.8 (CRITICAL) · EPSS 85th percentile