Skip to main content
CVE-2024-24882 CRITICAL POC THREAT Emergency

Privilege escalation in the Masteriyo LMS WordPress plugin (versions up to and including 1.7.2) allows remote unauthenticated attackers to assign themselves elevated privileges due to incorrect privilege assignment logic. With a CVSS score of 9.8 and an EPSS score of 31.54% (97th percentile), this flaw poses significant real-world risk, though no public exploit is identified at time of analysis and it is not listed in CISA KEV.

Information Disclosure
NVD VulDB
CVSS 3.1
9.8
EPSS
31.5%
Threat
4.4
CVE-2024-34982 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Lylme Spage
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2024-27954 CRITICAL POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.92.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Path Traversal
NVD
CVSS 3.1
9.3
EPSS
73.0%
CVE-2024-3551 CRITICAL Act Now

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-32809 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-33644 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in WPCustomify Customify Site Library allows Code Injection.0.9. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2024-34919 CRITICAL Act Now

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32786 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.3.93. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Royal Elementor Addons
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33567 CRITICAL Act Now

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-33552 CRITICAL Act Now

Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xstore Core
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-32511 CRITICAL Act Now

Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31290 CRITICAL Act Now

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.0.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30542 CRITICAL Act Now

Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Wholesalex
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-22157 CRITICAL Act Now

Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.6.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-33556 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Xstore Core
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-31351 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic - AI Content Writer & Generator.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Copymatic
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-35845 CRITICAL PATCH Act Now

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-31231 CRITICAL Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.6.1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal PHP
NVD
CVSS 3.1
9.0
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy