Skip to main content
CVE-2024-1512 CRITICAL POC THREAT Emergency

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.6%.

SQLi WordPress Masterstudy Lms
NVD VulDB
CVSS 3.1
9.8
EPSS
93.6%
Threat
6.3
CVE-2024-0610 CRITICAL PATCH Act Now

The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi WordPress Piraeus Bank Woocommerce Payment Gateway
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-21495 CRITICAL PATCH Act Now

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Caddy Security
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy