7212 matches found

CVE
added 2024/06/21 2:5 a.m. | 51 views

CVE-2024-5503

CVE-2024-5503 refers to a Local File Inclusion flaw in the WP Blog Post Layouts plugin for WordPress, affecting all versions up to 1.1.3. The vulnerability allows authenticated users with Contributor+ rights to include and execute arbitrary PHP files on the server, potentially bypassing access co...

CVSS 8.8 | AI score 8.9 | EPSS 0.00822
Exploits: 0 | References: 8 | Affected Software: 1

Vulnrichment
added 2024/06/21 2:5 a.m. | 11 views

CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inclusion

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

CVSS 8.8 | AI score 7.7 | EPSS 0.00822
Exploits: 0 | References: 8

GithubExploit
added 2024/06/21 1:41 a.m. | 359 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm

CVE-2023-30253 CVE-2023-30253 PoC Description This is my Po...

CVSS 8.8 | AI score 9.2 | EPSS 0.79195
Exploits: 16

CNNVD
added 2024/06/21 12:0 a.m. | 5 views

WordPress plugin The Plus Addons for Elementor security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 8.8 | AI score 7 | EPSS 0.00619
Exploits: 0 | References: 3

OSV
added 2024/06/20 7:15 a.m. | 3 views

CVE-2024-4098

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVSS 9.8 | AI score 6.3 | EPSS 0.0101
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/20 6:58 a.m. | 16 views

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVSS 9.8 | AI score 9.9 | EPSS 0.0101
Exploits: 0 | References: 3

OSV
added 2024/06/20 2:15 a.m. | 18 views

CVE-2024-3562

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...

CVSS 8.8 | AI score 7.7
Exploits: 0 | References: 4

NVD
added 2024/06/20 2:15 a.m. | 22 views

CVE-2024-3562

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...

CVSS 8.8 | EPSS 0.0063
Exploits: 0 | References: 4

Cvelist
added 2024/06/20 2:8 a.m. | 21 views

CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...

CVSS 8.8 | EPSS 0.0063
Exploits: 0 | References: 4

Vulnrichment
added 2024/06/20 2:8 a.m. | 15 views

CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field

The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...

CVSS 8.8 | AI score 7.8 | EPSS 0.0063
Exploits: 0 | References: 4

CVE
added 2024/06/20 2:8 a.m. | 61 views

CVE-2024-3562

CVE-2024-3562 : The WordPress plugin Custom Field Suite is vulnerable to PHP Code Injection via the Loop custom field. The issue stems from insufficient sanitization before using input in eval(), allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP on ...

CVSS 8.8 | AI score 8.9 | EPSS 0.0063
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/06/19 9:15 p.m. | 22 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

CVSS 10 | EPSS 0.00606
Exploits: 0 | References: 1

Veracode
added 2024/06/19 12:0 p.m. | 41 views

OS Command Injection

php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...

CVSS 9.8 | AI score 9.6 | EPSS 0.99987
Exploits: 64 | References: 23 | Affected Software: 3

CVE
added 2024/06/19 5:37 a.m. | 45 views

CVE-2024-5574

CVE-2024-5574 affects WP Magazine Modules Lite for WordPress (all versions up to 1.1.2). The vulnerability is Local File Inclusion via the blockLayout parameter, enabling authenticated users with Contributor-level access or higher to include and execute arbitrary PHP files on the server, potentia...

CVSS 7.5 | AI score 8 | EPSS 0.00758
Exploits: 0 | References: 3

Vulnrichment
added 2024/06/19 12:0 a.m. | 12 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

AI score 7.5 | EPSS 0.00606
Exploits: 0 | References: 1

Cvelist
added 2024/06/19 12:0 a.m. | 28 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

EPSS 0.00606
Exploits: 0 | References: 1

CNNVD
added 2024/06/19 12:0 a.m. | 4 views

PrestaShop livechatpro Security Breach

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts, and product image zoom. A security vulnerability exists in PrestaShop livechatpro version 8.4.0 and earlier, which stems from the presence of...

CVSS 10 | AI score 7.2 | EPSS 0.00606
Exploits: 0 | References: 2

CVE
added 2024/06/19 12:0 a.m. | 46 views

CVE-2024-36679

CVE-2024-36679 affects Module Live Chat Pro (All in One Messaging) for PrestaShop, versions

CVSS 10 | AI score 7.6 | EPSS 0.00606
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/15 8:42 a.m. | 22 views

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

CVSS 9.8 | AI score 8.2 | EPSS 0.0077
Exploits: 0 | References: 3

OSV
added 2024/06/15 2:15 a.m. | 1 views

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'tdblocktitle' shortcode 'blocktemplateid' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

CVSS 8.8 | AI score 6.3
Exploits: 0 | References: 2