Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-4318 — Themeum Tutor_lms: The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the
The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the ‘question_id’ parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive informatio CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile
CVE-2024-3750 — Visualizer: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions. CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile
CVE-2024-4670 — One: The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where i CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile
CVE-2024-4010 — Email: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to cause a loss of confidentiality, integrity, and availability, by performing multiple unauthorized actions. Some of these a CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2024-4847 — Alt: The Alt Text AI – Automatically generate image alt text for SEO and accessibility
The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘last_post_id’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already CVSSv3.1 8.8 (HIGH) · EPSS 57th percentile
CVE-2024-4367 — Mozilla Firefox: A type check was missing when handling fonts in PDF.js, which would allow arbitrary
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2024-4605 — Breakdance: The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions
The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata without an underscore prefix. This makes it possible for lower privileged users, such as contributors, to edit this data via UI. As a result they can escalate their privileges or execute arbitrary code. CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile
CVE-2024-4560 — Kognetiks: The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 94th percentile
CVE-2024-4441 — XML: The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File
The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded CVSSv3.1 8.1 (HIGH) · EPSS 66th percentile
CVE-2024-4434 — Thimpress Learnpress: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2024-4413 — Hotel: The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execu CVSSv3.1 9.8 (CRITICAL) · EPSS 89th percentile
CVE-2024-4397 — Thimpress Learnpress: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
CVE-2024-3954 — Ditty: The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions
The Ditty plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.1.38 via deserialization of untrusted input when adding a new ditty. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files CVSSv3.1 8.8 (HIGH) · EPSS 82th percentile
CVE-2024-3828 — Spectra: The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts. CVSSv3.1 8.8 (HIGH) · EPSS 34th percentile
CVE-2024-3809 — Porto: The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile
CVE-2024-3808 — Porto: The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion
The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or a CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile
CVE-2024-3807 — Porto: The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achie CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile
CVE-2024-3806 — Porto: The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2024-3727 — This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. CVSSv3.1 8.3 (HIGH)
CVE-2024-3070 — Last: The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitr CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2024-3055 — Unlimited-elements Unlimited_elements_for_elementor: The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that CVSSv3.1 8.8 (HIGH) · EPSS 62th percentile
CVE-2024-4393 — Social: The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. CVSSv3.1 9.8 (CRITICAL) · EPSS 32th percentile
CVE-2024-33120 — Roothub Roothub: v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2024-4346 — Startklar: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. CVSSv3.1 9.1 (CRITICAL) · EPSS 96th percentile
CVE-2024-4345 — Startklar: The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due
The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 95th percentile