Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-41652 — Carrcommunications Rsvpmaker: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. CVSSv3.1 8.2 (HIGH) · EPSS 89th percentile
CVE-2023-3277 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2023-34383 — Wedevs Wp_project_manager: A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from
A vulnerability in weDevs WP Project Manager wedevs-project-manager.This issue affects WP Project Manager: from n/a through <= 2.6.0. CVSSv3.1 8.5 (HIGH) · EPSS 43th percentile
CVE-2023-46958 — Lmxcms Lmxcms: An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. CVSSv3.1 9.8 (CRITICAL) · EPSS 67th percentile
CVE-2023-43336 — Sangoma Freepbx: Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2023-42425 — Turing Edge\+_evc5fd_firmware: An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile
CVE-2023-31212 — Crmperks Database_for_contact_form_7\,_wpforms\,_elementor_forms: A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries
A vulnerability in CRM Perks Contact Form Entries contact-form-entries.This issue affects Contact Form Entries: from n/a through <= 1.3.0. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile
CVE-2023-28777 — Learndash Learndash: A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through
A vulnerability in LearnDash LearnDash LMS sfwd-lms.This issue affects LearnDash LMS: from n/a through <= 4.5.3. CVSSv3.1 8.5 (HIGH) · EPSS 63th percentile
CVE-2023-24000 — Gamipress Gamipress: A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <=
A vulnerability in Ruben Garcia GamiPress gamipress.This issue affects GamiPress: from n/a through <= 2.5.7. CVSSv3.1 8.2 (HIGH) · EPSS 96th percentile
CVE-2023-5099 — Jonashjalmarsson Html_filter_and_csv-file_search: The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases CVSSv3.1 8.8 (HIGH) · EPSS 46th percentile
CVE-2023-5464 — Gopiplus Jquery_accordion_slideshow: The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fr CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2023-5439 — Gopiplus Wp_photo_text_slider_50: The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection
The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-5438 — Gopiplus Wp_image_slideshow: The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the
The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the CVSSv3.1 8.8 (HIGH) · EPSS 49th percentile
CVE-2023-5437 — Gopiplus Wp_fade_in_text_news: The WP fade in text news plugin for WordPress is vulnerable to SQL Injection
The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from th CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2023-5436 — Gopiplus Vertical_marquee_plugin: The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's
The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the dat CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-5435 — Gopiplus Up_down_image_slideshow_gallery: The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive informat CVSSv3.1 8.8 (HIGH) · EPSS 53th percentile
CVE-2023-5434 — Gopiplus Superb_slideshow_gallery: The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information fro CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-5433 — Gopiplus Message_ticker: The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's
The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the datab CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2023-5431 — Gopiplus Left_right_image_slideshow_gallery: The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection
The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive infor CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2023-5430 — Gopiplus Jquery_news_ticker: The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the d CVSSv3.1 8.8 (HIGH) · EPSS 38th percentile
CVE-2023-5429 — Gopiplus Information_reel: The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's
The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the da CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2023-5428 — Gopiplus Image_vertical_reel_scroll_slideshow: The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive info CVSSv3.1 8.8 (HIGH) · EPSS 43th percentile
CVE-2023-5412 — Gopiplus Image_horizontal_reel_scroll_slideshow: The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive i CVSSv3.1 8.8 (HIGH) · EPSS 93th percentile
CVE-2023-36263 — Store-opart Op\'art_limit_quantity: Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection.
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. CVSSv3.1 9.8 (CRITICAL) · EPSS 16th percentile
CVE-2023-5843 — Datafeedr Ads_by_datafeedr.com: The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. CVSSv3.1 9.0 (CRITICAL) · EPSS 93th percentile