Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2020-36717 — Kaliforms Kali_forms: The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions
The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile
CVE-2020-36713 — Inspireui Mstore_api: The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.1.5. This is due to unrestricted access to the 'register' and 'update_user_profile' routes. This makes it possible for unauthenticated attackers to create new administrator accounts, delete existing administrator accounts, or escalate privileges on any account. CVSSv3.1 9.8 (CRITICAL) · EPSS 76th percentile
CVE-2020-36712 — Kaliforms Kali_forms: The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in
The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter. CVSSv3.1 8.6 (HIGH) · EPSS 55th percentile
CVE-2020-36708 — Colorlib Activello: The following themes for WordPress are vulnerable to Function Injections in versions up to
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. Thi CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile
CVE-2020-36707 — Wpconcern Nifty_coming_soon_\&_maintenance_mode_page: The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site
The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2020-36701 — King-theme Page_builder_king_composer: The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in
The Page Builder: KingComposer plugin for WordPress is vulnerable to Arbitrary File Uploads in versions up to, and including, 2.9.3 via the 'process_bulk_action' function in the 'kingcomposer/includes/kc.extensions.php' file. This makes it possible for authenticated users with author level permissions and above to upload arbitrary files onto the server which can be used to execute code on the server. CVSSv3.1 8.8 (HIGH) · EPSS 83th percentile
CVE-2020-36700 — King-theme Page_builder_kingcomposer: The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions
The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress options, delete arbitrary files/folders, and inject arbitrary content. CVSSv3.1 8.8 (HIGH) · EPSS 45th percentile
CVE-2019-25150 — Wpexperts Email_templates: The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up
The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.3. This makes it possible for attackers to present phishing forms or conduct cross-site request forgery attacks against site administrators. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile
CVE-2019-25142 — Extendthemes Materialis: The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options. CVSSv3.1 8.8 (HIGH) · EPSS 69th percentile
CVE-2019-25141 — Wp-ecommerce Easy_wp_smtp: The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init() function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to modify the plugins settings and arbitrary options on the site that can be used to inject new administrative user accounts. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2019-25138 — Plugin-planet User_submitted_posts: The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due
The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the usp_check_images function in versions up to, and including, 20190312. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile
CVE-2016-15033 — Delete_all_comments_project Delete_all_comments: The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due
The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL) · EPSS 90th percentile
CVE-2023-33782 — Dlink Dir-842v2_firmware: D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3
D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function. CVSSv3.1 8.8 (HIGH) · EPSS 99th percentile
CVE-2023-33781 — Dlink Dir-842v2_firmware: An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing
An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitrary commands via importing a crafted file. CVSSv3.1 8.8 (HIGH) · EPSS 98th percentile
CVE-2023-33532 — Netgear R6250_firmware: There is a command injection vulnerability in the Netgear R6250 router with Firmware Version
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. CVSSv3.1 9.8 (CRITICAL) · EPSS 97th percentile
CVE-2023-31569 — Totolink X5000r_firmware: X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function.
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. CVSSv3.1 9.8 (CRITICAL) · EPSS 86th percentile
CVE-2023-33530 — Tenda G103_firmware: There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with
There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges. CVSSv3.1 8.8 (HIGH) · EPSS 70th percentile
CVE-2023-33381 — Mitrastar Gpt-2741gnac_firmware: A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC
A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function. CVSSv3.1 7.2 (HIGH) · EPSS 98th percentile
CVE-2023-2833 — Wpdeveloper Reviewx: The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. CVSSv3.1 8.8 (HIGH) · EPSS 96th percentile
CVE-2023-2546 — Wp_user_switch_project Wp_user_switch: The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions
The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpus_allow_user_to_admin_bar_menu' function with the 'wpus_who_switch' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the username. CVSSv3.1 8.8 (HIGH) · EPSS 85th percentile
CVE-2023-2781 — Wisetr User_email_verification_for_woocommerce: The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, includ CVSSv3.1 8.1 (HIGH) · EPSS 64th percentile
CVE-2023-3000 — Erikogluteknoloji Energy_monitoring: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602. CVSSv3.1 9.8 (CRITICAL) · EPSS 7th percentile
CVE-2023-2201 — Salephpscripts Web_directory_free: The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’
The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile
CVE-2023-2987 — Wordapp Wordapp: The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalatio CVSSv3.1 9.8 (CRITICAL) · EPSS 39th percentile
CVE-2023-33779 — Xuxueli Xxl-job: A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. CVSSv3.1 8.8 (HIGH) · EPSS 62th percentile