Whalers Blog

  • February 1, 2025

    CVE-2024-51534 – Dell PowerProtect DD Path Traversal Vulnerability

    CVE ID: CVE-2024-51534
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low-privileged attacker could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-13651 – WordPress RapidLoad Unauthorized Data Modification Remote Code Execution Vulnerability

    CVE ID: CVE-2024-13651
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-13547 – aThemes Addons for Elementor Stored Cross-Site Scripting (XSS)

    CVE ID: CVE-2024-13547
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-13343 – WooCommerce Customers Manager Privilege Escalation Vulnerability

    CVE ID: CVE-2024-13343
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-12620 – Oracle of Animations Unauthorized Data Modification Vulnerability

    CVE ID: CVE-2024-12620
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘agl_json’ AJAX action in all versions up to, and…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-12184 – Cimatti WordPress Contact Forms Remote File Disclosure

    CVE ID: CVE-2024-12184
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the accua_forms_download_submitted_file() function in all versions up to, and including, 1.9.4. This makes it possible…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-12171 – ELEX WordPress HelpDesk Privilege Escalation

    CVE ID: CVE-2024-12171
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ‘eh_crm_agent_add_user’ AJAX action in all versions up to, and including, 3.2.6. This makes it…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2024-11780 – Site Search 360 WordPress Stored Cross-Site Scripting

    CVE ID: CVE-2024-11780
    Published: Feb. 1, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
    Description: The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ss360-resultblock’ shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes.…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2025-24891 – Dumb Drop Root File Overwrite Vulnerability

    CVE ID: CVE-2025-24891
    Published: Jan. 31, 2025, 11:15 p.m. | 4 hours, 48 minutes ago
    Description: Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security
  • February 1, 2025

    CVE-2025-0929 – TeamCal Neo SQL Injection Vulnerability

    CVE ID: CVE-2025-0929
    Published: Jan. 31, 2025, 2:15 p.m. | 13 hours, 48 minutes ago
    Description: SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’.
    Severity: 9.8 | CRITICAL
    Visit…

    CVE, Cybersecurity, Cybersecurity awareness, Security, Threat Intelligence
    #cve, #cybersecurity, #security

Designed by Alireza Gharib