Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-51484 — Incorrect: Privilege Assignment vulnerability in wp-buy Login as User or Customer (User Switching) login-as-customer-or-user
Incorrect Privilege Assignment vulnerability in wp-buy Login as User or Customer (User Switching) login-as-customer-or-user allows Privilege Escalation.This issue affects Login as User or Customer (User Switching): from n/a through <= 3.8. CVSSv3.1 9.8 (CRITICAL)
CVE-2024-32706 — Reputeinfosystems Arforms: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in reputeinfosystems ARForms arforms.This issue affects ARForms: from n/a through <= 6.4. CVSSv3.1 8.5 (HIGH)
CVE-2024-32836 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for
Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.5.11. CVSSv3.1 9.1 (CRITICAL)
CVE-2024-3293 — WordPress: The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind
The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to blind SQL Injection via the rtmedia_gallery shortcode in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be us CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile
CVE-2024-32599 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy
Improper Control of Generation of Code ('Code Injection') vulnerability in Deepak anand WP Dummy Content Generator wp-dummy-content-generator.This issue affects WP Dummy Content Generator: from n/a through <= 3.2.1. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-32161 — Jizhicms Jizhicms: 2.5 suffers from a File upload vulnerability.
jizhiCMS 2.5 suffers from a File upload vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 50th percentile
CVE-2024-2961 — Gnu Glibc: The iconv() function in the GNU C Library versions 2.39 and older may overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVSSv3.1 7.3 (HIGH) · EPSS 100th percentile
CVE-2024-3867 — The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 95th percentile
CVE-2024-31424 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue
Cross-Site Request Forgery (CSRF) vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.6.93. CVSSv3.1 8.8 (HIGH)
CVE-2024-3211 — Shopping: The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can CVSSv3.1 8.8 (HIGH) · EPSS 54th percentile
CVE-2024-3054 — Wpvivid Migration\,_backup\,_staging: Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the tree_node[node][id] parameter. This makes it possible for authenticated attackers, with admin-level access and above, to call files using a PHAR wrapper that will deserialize the da CVSSv3.1 7.2 (HIGH) · EPSS 96th percentile
CVE-2023-52070 — Jfree Jfreechart: v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int
JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexOutOfBounds via the 'setSeriesNeedle(int index, int type)' method. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. CVSSv3.1 8.4 (HIGH) · EPSS 17th percentile
CVE-2024-3566 — Haskell Process_library: A command inject vulnerability allows an attacker to perform command injection on Windows applications
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile
CVE-2024-23080 — Joda: Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. CVSSv3.1 9.1 (CRITICAL) · EPSS 58th percentile
CVE-2024-3136 — Stylemixthemes Masterstudy_lms: The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all
The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and in CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2024-3097 — Imagely Nextgen_gallery: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. CVSSv3.1 5.3 (MEDIUM) · EPSS 96th percentile
CVE-2024-2804 — Network: The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category'
The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile
CVE-2024-2693 — Link: The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in
The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could a CVSSv3.1 8.8 (HIGH) · EPSS 75th percentile
CVE-2024-2342 — Nsquared Simply_schedule_appointments: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customer_id parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2024-2341 — Nsquared Simply_schedule_appointments: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access and above, to append additional SQL queries into already existing queries that ca CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2024-2340 — Theme-fusion Avada: The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. CVSSv3.1 5.3 (MEDIUM) · EPSS 98th percentile
CVE-2024-2125 — Donweb Envialosimple: The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The Cross-Site Request Forgery was patched CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2024-2018 — Melapress Wp_activity_log: The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via
The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the da CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2024-1991 — Metagauss Registrationmagic: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2024-1990 — Metagauss Registrationmagic: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append addition CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile