Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-5583 — Maca134 Wp_simple_galleries: The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target syste CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2023-5315 — Matthewschwartz Google_maps_made_simple: The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via
The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from CVSSv3.1 8.8 (HIGH) · EPSS 42th percentile
CVE-2023-5250 — G5theme Grid_plus: The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. CVSSv3.1 8.8 (HIGH) · EPSS 58th percentile
CVE-2023-5199 — Php_to_page_project Php_to_page: The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by CVSSv3.1 9.9 (CRITICAL) · EPSS 90th percentile
CVE-2023-5425 — Wpexpertplugins Post_meta_data_manager: The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile
CVE-2023-5807 — Trteksolutions Education_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. CVSSv3.1 9.8 (CRITICAL) · EPSS 18th percentile
CVE-2023-46233 — Crypto-js_project Crypto-js: is a JavaScript library of crypto standards.
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration co CVSSv3.1 9.1 (CRITICAL) · EPSS 46th percentile
CVE-2023-5311 — Wpvnteam Wp_extra: The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. CVE-2023-46623 appears to be a duplicate o CVSSv3.1 8.8 (HIGH) · EPSS 91th percentile
CVE-2023-46136 — Palletsprojects Werkzeug: This allows an attacker to cause a denial of service by sending crafted multipart
Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an en CVSSv3.1 8.0 (HIGH) · EPSS 69th percentile
CVE-2023-46010 — Seacms Seacms: An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. CVSSv3.1 9.8 (CRITICAL) · EPSS 65th percentile
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
Citrix Bleed (CVE-2023-4966) is a critical vulnerability allowing unauthenticated attackers to leak session tokens from Citrix NetScaler ADC and Gateway instances. The flaw enables direct credential theft without authentication, leading to complete account compromise and lateral movement within protected networks.
CVE-2023-4999 — Gopiplus Horizontal_scrolling_announcement: The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the
The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to ex CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-4386 — Wpdeveloper Essential_blocks: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute CVSSv3.1 8.1 (HIGH) · EPSS 89th percentile
CVE-2022-4290 — Cyr_to_lat_project Cyr_to_lat: The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via
The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive informat CVSSv3.1 8.8 (HIGH) · EPSS 56th percentile
CVE-2022-2441 — Orangelab Imagemagick_engine: The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attac CVSSv3.1 8.8 (HIGH) · EPSS 84th percentile
CVE-2021-4334 — Radykal Fancy_product_designer: The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. CVSSv3.1 8.8 (HIGH) · EPSS 35th percentile
CVE-2023-5576 — Wpvivid Migration\,_backup\,_staging: The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information
The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. CVSSv3.1 8.0 (HIGH) · EPSS 76th percentile
CVE-2023-5414 — Icegram Icegram_express: The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. CVSSv3.1 9.1 (CRITICAL) · EPSS 84th percentile
CVE-2023-4598 — Wp-slimstat Slimstat_analytics: The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's
The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from th CVSSv3.1 8.8 (HIGH) · EPSS 36th percentile
CVE-2023-4488 — Hynotech Dropbox_folder_share: The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. CVSSv3.1 9.8 (CRITICAL) · EPSS 65th percentile
CVE-2023-4402 — Wpdeveloper Essential_blocks: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or exec CVSSv3.1 8.1 (HIGH) · EPSS 86th percentile
CVE-2020-36706 — Simple-press Simple\: The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 92th percentile
CVE-2020-36698 — Cleantalk Security_\&_malware_scan: The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-45992 — Commscope Ruckus_cloudpath_enrollment_system: A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. CVSSv3.1 9.6 (CRITICAL) · EPSS 44th percentile
CVE-2023-45379 — Posthemes Posrotatorimg: In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from
In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile