Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-2229 — Wpspeedx Rduplicator: The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2023-4596 — Incsub Forminator: The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2021-3262 — Trispark Novusedu: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end
TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. CVSSv3.1 9.8 (CRITICAL) · EPSS 64th percentile
Leaking File Contents with a Blind File Oracle in Flarum
Assetnote published research on a blind file oracle vulnerability in Flarum that enables attackers to leak arbitrary file contents through a side-channel technique. The vulnerability allows an unauthenticated attacker to infer file existence and exfiltrate sensitive data without direct file access.
CVE-2023-32079 — Netmaker Netmaker: A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. CVSSv3.1 8.8 (HIGH) · EPSS 68th percentile
CVE-2023-32077 — Netmaker Netmaker: makes networks with WireGuard.
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workar CVSSv3.1 7.5 (HIGH) · EPSS 99th percentile
CVE-2023-4404 — Wpcharitable Charitable: The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. CVSSv3.1 9.8 (CRITICAL) · EPSS 48th percentile
CVE-2023-38836 — Boidcms Boidcms: File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2020-28715 — Leeco Letv_x43_firmware: An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows
An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile
CVE-2023-39809 — Nvki Intelligent_broadband_subscriber_gateway: (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile
CVE-2023-39808 — Nvki Intelligent_broadband_subscriber_gateway: (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. CVSSv3.1 9.8 (CRITICAL) · EPSS 41th percentile
CVE-2023-39807 — Nvki Intelligent_broadband_subscriber_gateway: (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd
N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 40th percentile
CVE-2023-38894 — Tree_kit_project Tree_kit: A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker
A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile
CVE-2020-26037 — Evenbalance Punkbuster: Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. CVSSv3.1 9.8 (CRITICAL) · EPSS 79th percentile
CVE-2023-3958 — Froger Wp_remote_users_sync: The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in ver CVSSv3.1 8.5 (HIGH) · EPSS 38th percentile
CVE-2023-2916 — Revmakx Infinitewp_client: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect CVSSv3.1 7.5 (HIGH) · EPSS 97th percentile
CVE-2023-30187 — Onlyoffice Document_server: An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows
An out of bounds memory access vulnerability in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. CVSSv3.1 9.8 (CRITICAL) · EPSS 77th percentile
CVE-2023-30186 — Onlyoffice Document_server: A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. CVSSv3.1 9.8 (CRITICAL) · EPSS 76th percentile
CVE-2023-37847 — Xxyopen Novel-plus: v3.6.2 was discovered to contain a SQL injection vulnerability.
novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. CVSSv3.1 9.8 (CRITICAL) · EPSS 47th percentile
CVE-2023-4293 — Wpdownloadmanager Premium_packages_-_sell_digital_products_securely: The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update. CVSSv3.1 8.8 (HIGH) · EPSS 42th percentile
CVE-2023-3452 — Canto Canto: The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the CVSSv3.1 9.8 (CRITICAL) · EPSS 99th percentile
CVE-2023-39806 — Idreamsoft Icms: v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile
CVE-2023-39805 — Idreamsoft Icms: v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. CVSSv3.1 9.8 (CRITICAL) · EPSS 44th percentile
CVE-2023-4277 — Pragmaticmates Realia: The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up
The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 21th percentile
CVE-2023-4276 — Johnkolbert Absolute_privacy: The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions
The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 26th percentile