CVE-2024-48029
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Random Posts Widget: from n/a through <= 1.0...
CVE-2024-48029
CVE-2024-48029 affects the WordPress SB Random Posts Widget. The vulnerability is an improper control of the filename for include/require statements in PHP (PHP Remote File Inclusion) that enables Local File Inclusion via the SB Random Posts Widget
CVE-2024-9956

creationtimestamp| type| source
---|---|---
2024-10-16 00:28:19+00:00| seen| https://t.me/cvedetector/7964
2025-03-10 15:51:40+00:00| seen| https://t.me/itsecnews/5454
2025-03-15 01:15:00+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/11927
2025-03-18 18:07:27+00:00|...

PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986
Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...
CVE-2024-37383

creationtimestamp| type| source
---|---|---
2024-10-15 14:01:18+00:00| published-proof-of-concept| https://t.me/criticalbug/1567
2024-10-16 12:35:28+00:00| exploited| https://t.me/xakepru/16551
2024-10-22 14:40:05+00:00| exploited| https://t.me/truesecator/6345
2024-10-24 04:06:50+00:00|...

CVE-2024-6757
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the getimagealt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-6763

creationtimestamp| type| source
---|---|---
2024-10-14 19:10:56+00:00| seen| https://t.me/cvedetector/7821
2025-09-30 01:31:24+00:00| seen| https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuwaoi422
2025-09-30 01:31:29+00:00| seen|...

PT-2024-37853 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.23.5
Description: The issue allows authenticated attackers with Contributor-level access and above to extract either excerpt data or titles of private or...
CVE-2024-9824
The ImagePress – Image Gallery WordPress plugin is affected up to version 1.2.2 by a Broken Access Control issue: missing capability checks on ip_delete_post and ip_update_post_title allow authenticated users with Subscriber+ rights to delete arbitrary posts and change post titles. Public details...
CVE-2024-35202

creationtimestamp| type| source
---|---|---
2024-10-10 15:55:20+00:00| seen| https://t.me/cvedetector/7600
2025-03-07 16:09:50+00:00| seen| https://bsky.app/profile/dergoegge.bsky.social/post/3ljsfgydzm22p
2025-03-07 16:09:50+00:00| seen|...

CVE-2024-25825

creationtimestamp| type| source
---|---|---
2024-10-09 19:00:04+00:00| seen| https://t.me/cvedetector/7499
2025-07-30 06:30:15+00:00| seen| https://bsky.app/profile/cscr-bot.bsky.social/post/3lv5yo7ntur27
2025-07-30 07:17:55+00:00| seen|...

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups (FPMCG) versions <= 4.0...
WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups (FPMCG) versions <= 4.0...
WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin SB Random Posts Widget versions <= 1.0...
WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion
Software: SB Random Posts Widget
Type: Plugin
Vulnerable versions: <= 1.0
Fixed in: 1.1
OWASP Top 10: A3: Injection
Classification: Local File Inclusion
CVE: CVE-2024-48029
Patch priority: Low
CVSS severity: Low 7.5
Developer: Claim ownership
PSID: 4e7fd324ea44
Credits: João Pedro S Alcântara Kinorth
Required...
CVE-2024-43468

creationtimestamp| type| source
---|---|---
2024-10-08 17:54:47+00:00| seen| https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review
2024-10-09 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1390
2024-10-09 10:21:15+00:00| seen|...

WordPress Smart Post Show plugin <= 3.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability
Authenticated (Editor+) Stored Cross-Site Scripting via Pagination Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Post Grid, Post Carousel, & List Category Posts – by Smart Post Show versions <= 3.0.0...
CVE-2024-44036
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...
CVE-2024-44036
CVE-2024-44036 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Kodex Posts likes (versions
CVE-2024-44036 WordPress Kodex Posts likes plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes kodex-posts-likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through <= 2.5.0...