Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-1311 — Brizy Brizy: The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
CVE-2024-1203 — Conversios Conversios: The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into a CVSSv3.1 8.8 (HIGH) · EPSS 72th percentile
CVE-2024-0683 — Autopolis Bulgarisation_for_woocommerce: The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels. CVSSv3.1 7.3 (HIGH) · EPSS 96th percentile
CVE-2024-0368 — Wpmudev Hustle: The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII. CVSSv3.1 8.6 (HIGH) · EPSS 82th percentile
CVE-2023-6825 — Mndpsingh287 File_manager: The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory
The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 (free version) and 8.3.4 (Pro version) via the target parameter in the mk_file_folder_manager_action_callback_shortcode function. This makes it possible for attackers to read the contents of arbitrary files on the server, which can contain sensitive information and to upload files into directories other than the intended directory f CVSSv3.1 9.9 (CRITICAL) · EPSS 98th percentile
CVE-2023-5663 — Storeapps News_announcement_scroll: The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the
The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information f CVSSv3.1 8.8 (HIGH) · EPSS 54th percentile
CVE-2024-2123 — Ultimatemember Ultimate_member: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVSSv3.1 7.2 (HIGH) · EPSS 97th percentile
CVE-2023-42790 — Fortinet Fortiproxy: A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through
A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. CVSSv3.1 8.1 (HIGH) · EPSS 61th percentile
CVE-2023-42789 — Fortinet Fortiproxy: A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5
A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. CVSSv3.1 9.8 (CRITICAL) · EPSS 87th percentile
CVE-2024-1986 — Booster Booster_for_woocommerce: The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads
The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled. CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
CVE-2024-1773 — Acowebs Pdf_invoices_and_packing_slips_for_woocommerce: The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target sys CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2024-1170 — Themekraft Post_form: The Post Form – Registration Form – Profile Form for User Profiles – Frontend
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files. CVSSv3.1 8.2 (HIGH) · EPSS 66th percentile
CVE-2024-1382 — Nicdarkthemes Restaurant_reservations: The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all
The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve cod CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile
CVE-2024-26566 — Iscute Cute_http_file_server: An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate
An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component. CVSSv3.1 8.2 (HIGH) · EPSS 44th percentile
CVE-2023-47415 — Cypress Ctm-200_firmware: Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. CVSSv3.1 7.5 (HIGH) · EPSS 97th percentile
CVE-2024-27304 — Jackc Pgproto3: SQL injection can occur if an attacker can cause a single query or bind
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. CVSSv3.1 9.8 (CRITICAL) · EPSS 83th percentile
CVE-2024-27289 — Jackc Pgx: Prior to version 4.18.2, SQL injection can occur when all of the following conditions
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do n CVSSv3.1 8.1 (HIGH) · EPSS 70th percentile
CVE-2023-7103 — Zksoftware Uface_5: Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass. This issue affects UFace 5: through 12022024. CVSSv3.1 9.8 (CRITICAL) · EPSS 6th percentile
CVE-2024-1731 — Rymera Auto_refresh_single_page: The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it cou CVSSv3.1 8.8 (HIGH) · EPSS 79th percentile
CVE-2024-0825 — Davekiss Vimeography: The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via CVSSv3.1 8.8 (HIGH) · EPSS 78th percentile
CVE-2024-1859 — Awplife Slider_responsive_slideshow: The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin CVSSv3.1 8.8 (HIGH) · EPSS 73th percentile
CVE-2024-1468 — Theme-fusion Avada: The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 8.8 (HIGH) · EPSS 88th percentile
CVE-2024-1317 — Themeisle Rss_aggregator_by_feedzy: The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2024-1206 — Bootstrapped Wp_recipe_maker: The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the
The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the CVSSv3.1 8.8 (HIGH) · EPSS 71th percentile
CVE-2024-0590 — Microsoft Clarity: The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 96th percentile