Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2024-25100 — Wpswings Coupon_referral_program: Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program coupon-referral-program allows Object Injection.This issue affects Coupon Referral Program: from n/a through < 1.8.4. CVSSv3.1 10.0 (CRITICAL)
CVE-2024-0594 — Getawesomesupport Awesome_support: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already ex CVSSv3.1 8.8 (HIGH) · EPSS 48th percentile
CVE-2023-6677 — Oduyo Online_collection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Financial Technology Online Collection allows SQL Injection. This issue affects Online Collection: before v.1.0.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 20th percentile
CVE-2023-6724 — Simgesel Hearing_tracking_system: Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. CVSSv3.1 8.8 (HIGH) · EPSS 13th percentile
CVE-2024-25675 — Misp-project Misp: An issue was discovered in MISP before 2.4.184.
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. CVSSv3.1 9.8 (CRITICAL) · EPSS 52th percentile
CVE-2024-25674 — Misp-project Misp: An issue was discovered in MISP before 2.4.184.
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2024-24321 — Dlink Dir-816_firmware: An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. CVSSv3.1 9.8 (CRITICAL) · EPSS 82th percentile
CVE-2023-6515 — Miateknoloji Mia-med: Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc.
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. CVSSv3.1 8.8 (HIGH) · EPSS 9th percentile
CVE-2024-1207 — Wpbookingcalendar Booking_calendar: The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the da CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2024-1118 — Podlove Podlove_subscribe_button: The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing qu CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2023-46360 — Hardy-barth Cph2_echarge_firmware: Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary
Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges. CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile
CVE-2023-46359 — Hardy-barth Cph2_echarge_firmware: An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier
An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2024-24398 — Stimulsoft Dashboards.php: Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker
Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile
CVE-2024-1210 — Learndash Learndash: The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes. CVSSv3.1 5.3 (MEDIUM) · EPSS 96th percentile
CVE-2024-1209 — Learndash Learndash: The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads. CVSSv3.1 5.3 (MEDIUM) · EPSS 98th percentile
CVE-2024-1208 — Learndash Learndash: The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions. CVSSv3.1 5.3 (MEDIUM) · EPSS 99th percentile
CVE-2024-1072 — Seedprod Website_builder_by_seedprod: The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses CVSSv3.1 8.2 (HIGH) · EPSS 44th percentile
CVE-2024-0869 — Connekthq Instant_images_-_one_click_unsplash_uploads: The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options. CVE-2024-33569 appears to be a duplicate of CVSSv3.1 8.8 (HIGH) · EPSS 60th percentile
CVE-2024-0761 — Filemanagerpro File_manager: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access. CVSSv3.1 8.1 (HIGH) · EPSS 63th percentile
CVE-2024-0509 — Hwk Wp_404_auto_redirect_to_similar_post: The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to
The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 97th percentile
CVE-2024-0324 — Cozmoslabs Profile_builder: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. CVSSv3.1 8.2 (HIGH) · EPSS 97th percentile
CVE-2024-0221 — 10web Photo_gallery: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators ca CVSSv3.1 9.1 (CRITICAL) · EPSS 81th percentile
CVE-2023-6996 — Vegacorp Display_custom_fields_in_the_frontend_-_post_and_user_profile_fi: The Display custom fields in the frontend – Post and User Profile Fields plugin
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code. CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile
CVE-2023-6989 — Getshieldsecurity Shield_security: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress
The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2023-6933 — Wpengine Better_search_replace: The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute c CVSSv3.1 8.8 (HIGH) · EPSS 100th percentile