Skip to main content
CVE-2024-4577 CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP Microsoft Fedora
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-35661 CRITICAL Act Now

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Upload Fields For Wpforms
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-34802 CRITICAL Act Now

Missing Authorization vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt.Txt: from n/a through 1.8.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adfoxly
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-31284 CRITICAL Act Now

Missing Authorization vulnerability in WPDeveloper EmbedPress.9.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Embedpress
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31283 CRITICAL Act Now

Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Local Pickup For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31276 CRITICAL Act Now

Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.0.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Products Order Customers Export For Woocommerce
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31275 CRITICAL Act Now

Missing Authorization vulnerability in Metagauss EventPrime.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eventprime
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-31352 CRITICAL Act Now

Missing Authorization vulnerability in Email Subscribers & Newsletters.7.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Email Subscribers Newsletters
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-32799 CRITICAL Act Now

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Property Listings
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-35660 CRITICAL Act Now

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.0.5.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Master Addons
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33561 CRITICAL Act Now

Missing Authorization vulnerability in 8theme XStore.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xstore
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-33545 CRITICAL Act Now

Missing Authorization vulnerability in AA-Team WZone.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wzone
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-31273 CRITICAL Act Now

Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin.8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Js Help Desk
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-30544 CRITICAL Act Now

Missing Authorization vulnerability in UPQODE Whizzy.1.18. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Whizzy
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30539 CRITICAL Act Now

Missing Authorization vulnerability in Awesome Support Team Awesome Support.1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Awesome Support
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30538 CRITICAL Act Now

Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Delucks Seo
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-30512 CRITICAL Act Now

Missing Authorization vulnerability in weForms.6.20. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Weforms
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-25929 CRITICAL Act Now

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.0.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Product Catalog Mode For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy