Skip to main content
CVE-2024-24882 CRITICAL POC THREAT Emergency

Privilege escalation in the Masteriyo LMS WordPress plugin (versions up to and including 1.7.2) allows remote unauthenticated attackers to assign themselves elevated privileges due to incorrect privilege assignment logic. With a CVSS score of 9.8 and an EPSS score of 31.54% (97th percentile), this flaw poses significant real-world risk, though no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
31.5%
Threat
4.4
CVE-2024-27971 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 50.4% and no vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
8.3
EPSS
50.4%
CVE-2024-32523 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 35.5% and no vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
35.5%
CVE-2024-34982 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2024-27954 CRITICAL POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.92.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal
NVD
CVSS 3.1
9.3
EPSS
73.0%
CVE-2024-22120 HIGH POC THREAT This Week

Zabbix server can perform command execution for configured scripts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zabbix
NVD
CVSS 3.1
8.8
EPSS
76.6%
CVE-2024-22145 HIGH Act Now

Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.1.0.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.3% and no vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
19.3%
CVE-2024-34997 HIGH POC This Week

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Deserialization Joblib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-5065 MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5064 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5063 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5047 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Student Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.9%
CVE-2024-5046 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Examination System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-5045 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Online Birth Certificate Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-2697 MEDIUM POC This Month

The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Swift Framework
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-5044 MEDIUM POC This Month

A vulnerability was found in Emlog Pro 2.3.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emlog
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
1.0%
CVE-2024-3580 MEDIUM POC This Month

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup4Phone
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3231 MEDIUM POC This Month

The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup4Phone
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-3551 CRITICAL Act Now

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32809 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2023-46197 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.10.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.1% and no vendor patch available.

Path Traversal Popup
NVD
CVSS 3.1
5.3
EPSS
23.1%
CVE-2024-33644 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.0.9. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2024-34919 CRITICAL Act Now

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32786 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.3.93. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Royal Elementor Addons
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33567 CRITICAL Act Now

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33552 CRITICAL Act Now

Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xstore Core
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32511 CRITICAL Act Now

Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31290 CRITICAL Act Now

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.0.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30542 CRITICAL Act Now

Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Wholesalex
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22157 CRITICAL Act Now

Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.6.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33556 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Xstore Core
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31351 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic - AI Content Writer & Generator.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Copymatic
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-34959 MEDIUM POC This Month

DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-35110 MEDIUM POC This Month

A reflected XSS vulnerability has been found in YzmCMS 7.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yzmcms
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-5069 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Mens Salon Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Simple Online Men S Salon Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5066 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Online Course Registration System 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Online Course Registration System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5051 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Gas Agency Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Gas Agency Management System
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-5049 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload E Commerce Site
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-5048 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Budget Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Budget Management
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-35845 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-5043 MEDIUM POC This Month

A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Emlog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-31231 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.6.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2024-32507 HIGH This Week

Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.7.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-32959 HIGH This Week

Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-27955 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Automatic Automatic allows Privilege Escalation.92.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-34241 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rocket Lms
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-34058 HIGH This Week

The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-35854 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-35814 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-32960 HIGH This Week

Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.1.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy