Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-35911 — Creative-solutions Contact_form_generator: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 46th percentile
CVE-2023-28748 — Appjetty Copy_or_move_comments: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile
CVE-2022-46860 — Kaizencoders Short_url: A vulnerability in KaizenCoders Short URL shorten-url.This issue affects Short URL: from n/a through
A vulnerability in KaizenCoders Short URL shorten-url.This issue affects Short URL: from n/a through <= 1.6.4. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile
CVE-2022-45373 — Wp-slimstat Slimstat_analytics: A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through
A vulnerability in VeronaLabs Slimstat Analytics wp-slimstat.This issue affects Slimstat Analytics: from n/a through <= 5.0.4. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile
CVE-2023-35910 — Quasar-form Quasar_form: A vulnerability in nucleusgenius Quasar form quasar-form.This issue affects Quasar form: from n/a through
A vulnerability in nucleusgenius Quasar form quasar-form.This issue affects Quasar form: from n/a through <= 6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile
CVE-2023-36677 — Smartypantsplugins Sp_project_\&_document_manager: A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project
A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.This issue affects SP Project & Document Manager : from n/a through <= 4.67. CVSSv3.1 8.3 (HIGH) · EPSS 43th percentile
CVE-2023-36529 — Favethemes Houzez: A vulnerability in Favethemes Houzez CRM houzez-crm.This issue affects Houzez CRM: from n/a through
A vulnerability in Favethemes Houzez CRM houzez-crm.This issue affects Houzez CRM: from n/a through <= 1.3.4. CVSSv3.1 9.9 (CRITICAL) · EPSS 43th percentile
CVE-2023-25800 — Themeum Tutor_lms: A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through
A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 2.2.0. CVSSv3.1 8.1 (HIGH) · EPSS 48th percentile
CVE-2023-25700 — Themeum Tutor_lms: A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through
A vulnerability in Themeum Tutor LMS tutor.This issue affects Tutor LMS: from n/a through <= 2.1.10. CVSSv3.1 8.2 (HIGH) · EPSS 45th percentile
CVE-2022-46818 — Gopiplus Email_posts_to_subscribers: A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.This issue affects Email posts to
A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.This issue affects Email posts to subscribers: from n/a through <= 6.2. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile
CVE-2022-47445 — Web-x Be-popia-compliant: A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.This issue affects Be POPIA
A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.This issue affects Be POPIA Compliant: from n/a through <= 1.2.0. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile
CVE-2022-46859 — Spiffyplugins Spiffy_calendar: A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.This issue affects Spiffy Calendar: from n/a
A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.This issue affects Spiffy Calendar: from n/a through <= 4.9.1. CVSSv3.1 8.5 (HIGH) · EPSS 51th percentile
CVE-2022-46808 — Reputeinfosystems Armember: A vulnerability in reputeinfosystems ARMember armember-membership.This issue affects ARMember: from n/a through <= 3.4.11.
A vulnerability in reputeinfosystems ARMember armember-membership.This issue affects ARMember: from n/a through <= 3.4.11. CVSSv3.1 8.2 (HIGH) · EPSS 43th percentile
CVE-2022-45805 — Paytm Payment_gateway: A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.This issue affects Paytm Payment Gateway: from
A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.This issue affects Paytm Payment Gateway: from n/a through <= 2.7.3. CVSSv3.1 8.2 (HIGH) · EPSS 97th percentile
CVE-2023-41652 — Carrcommunications Rsvpmaker: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. CVSSv3.1 8.2 (HIGH) · EPSS 89th percentile
CVE-2023-3277 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2023-34383 — Wedevs Wp_project_manager: A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from
A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through <= 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile
CVE-2023-46958 — Lmxcms Lmxcms: An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile
CVE-2023-43336 — Sangoma Freepbx: Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2023-42425 — Turing Edge\+_evc5fd_firmware: An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-31212 — Crmperks Database_for_contact_form_7\,_wpforms\,_elementor_forms: A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries
A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile
CVE-2023-28777 — Learndash Learndash: A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through
A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through <= 4.5.3. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile
CVE-2023-24000 — Gamipress Gamipress: A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <=
A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <= 2.5.7. CVSSv3.1 8.2 (HIGH) · EPSS 96th percentile
CVE-2023-5099 — Jonashjalmarsson Html_filter_and_csv-file_search: The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile
CVE-2023-5464 — Gopiplus Jquery_accordion_slideshow: The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fr CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile