Skip to main content
CVE-2024-3105 CRITICAL Emergency

The Woody code snippets - Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php'. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 57.9% and no vendor patch available.

Code Injection RCE WordPress
NVD
CVSS 3.1
9.9
EPSS
57.9%
CVE-2024-5871 CRITICAL Act Now

The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Woocommerce Social Login
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2024-4258 CRITICAL PATCH Act Now

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy