-
CVE-2024-10957 – UpdraftPlus: WP Backup & Migration Plugin PHP Object Injection
CVE ID : CVE-2024-10957 Published : Jan. 4, 2025, 2:15 p.m. | 6 hours, 7 minutes ago Description : The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the ‘recursive_unserialized_replace’ function. This makes it possible for…
-
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could … Published Date: Jan 04, 2025 (5 hours, 54 minutes ago). Vulnerability mentioned in this article: CVE-2024-43405.
-
CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers
In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory…
-
CVE-2025-0207 – Code-Projects Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0207 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to SQL injection. The…
-
CVE-2025-0208 – Online Shoe Store SQL Injection Vulnerability
CVE ID : CVE-2025-0208 Published : Jan. 4, 2025, 1:15 p.m. | 27 minutes ago Description : A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to SQL injection. It is possible to initiate…
-
CVE-2024-12475 – WordPress WP Multi Store Locator Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12475 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
-
CVE-2025-0206 – Code-projects Online Shoe Store Remote Unauthenticated Access Control Violation
CVE ID : CVE-2025-0206 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely.…
-
CVE-2024-12195 – WP Project Manager SQL Injection Vulnerability
CVE ID : CVE-2024-12195 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the ‘project_id’ parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions…
-
CVE-2024-12279 – Gravity Forms CSRF vulnerability allows remote attacker to inject malicious web scripts via forged request
CVE ID : CVE-2024-12279 Published : Jan. 4, 2025, 12:15 p.m. | 1 hour, 26 minutes ago Description : The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for…
-
CVE-2024-12221 – Turnkey bbPress by WeaverTheme WordPress Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-12221 Published : Jan. 4, 2025, 10:15 a.m. | 28 minutes ago Description : The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for…