Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-4186 — Edwiser: The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up
The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. This can only be exploited if the 'Email Verificat CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile
CVE-2024-33599 — Gnu Glibc: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd)
nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVSSv3.1 8.1 (HIGH) · EPSS 75th percentile
CVE-2024-3240 — ConvertPlug: The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the targ CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile
CVE-2024-4033 — One: The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
CVE-2024-3895 — Androidbubbles Wp_datepicker: The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options that can be used for privilege escalation. This was partially patched in 2.0.9 and 2.1.0, and fully patched in 2.1.1. CVSSv3.1 8.8 (HIGH) · EPSS 51th percentile
CVE-2024-3849 — Click: The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be u CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2024-3729 — Dynamiapps Frontend_admin: The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator user for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be u CVSSv3.1 9.8 (CRITICAL) · EPSS 68th percentile
CVE-2024-3500 — Wpmet Elementskit: The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in c CVSSv3.1 8.8 (HIGH) · EPSS 77th percentile
CVE-2024-3499 — Wpmet Elements_kit_elementor_addons: The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, o CVSSv3.1 8.8 (HIGH) · EPSS 82th percentile
CVE-2024-2876 — Email: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress &
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-2831 — Calendar: The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 8.8 (HIGH) · EPSS 67th percentile
CVE-2024-2667 — Instawp Instawp_connect: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for unauthenticated attackers to upload arbitrary files. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-2661 — Barcode: plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in
The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional S CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile
CVE-2024-2417 — User: The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action() function in all versions up to, and including, 3.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the registration form and make the default registration role administrator. This subsequently allows the atta CVSSv3.1 8.8 (HIGH) · EPSS 61th percentile
CVE-2024-1797 — Wpulike Wp_ulike: The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable
The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wp_ulike_counter' and 'wp_ulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional S CVSSv3.1 8.8 (HIGH) · EPSS 66th percentile
CVE-2024-1567 — Royal-elementor-addons Royal_elementor_addons: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible. CVSSv3.1 8.2 (HIGH) · EPSS 88th percentile
CVE-2024-27053 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted ----------------------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: w CVSSv3.1 9.1 (CRITICAL) · EPSS 31th percentile
CVE-2024-4185 — Customer: The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification, and if both the "Login the user automatically after the account is verified" and "Verify account for current users" options are checked, then it potentially makes i CVSSv3.1 8.1 (HIGH) · EPSS 48th percentile
CVE-2024-2663 — YouTube: The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery
The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. CVSSv3.1 8.3 (HIGH) · EPSS 52th percentile
CVE-2024-34010 — Local privilege escalation due to unquoted search path vulnerability.
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575. CVSSv3.1 8.2 (HIGH) · EPSS 28th percentile
CVE-2024-3375 — Incorrect: Permission Assignment for Critical Resource vulnerability in Havelsan Inc.
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84. CVSSv3.1 9.4 (CRITICAL) · EPSS 38th percentile
CVE-2024-3342 — Timetable: The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries CVSSv3.1 9.9 (CRITICAL) · EPSS 54th percentile
CVE-2024-25343 — Tenda N300_firmware: N300 F3 router vulnerability allows users to bypass intended security policy and create
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. CVSSv3.1 9.1 (CRITICAL) · EPSS 40th percentile
CVE-2024-28327 — Asus: RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers
Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. CVSSv3.1 8.4 (HIGH) · EPSS 4th percentile
CVE-2024-3962 — Themeisle Product_addons_\&_fields_for_woocommerce: The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product t CVSSv3.1 9.8 (CRITICAL) · EPSS 93th percentile