Skip to main content
CVE-2024-12471 HIGH This Week

The Post Saint AI content generator WordPress plugin through version 1.3.1 allows authenticated subscribers to upload arbitrary files via the add_image_to_library AJAX action. A missing capability check combined with no file type validation enables low-privilege users to deploy PHP webshells and achieve remote code execution.

RCE Code Injection WordPress
NVD
CVSS 3.1
8.8
EPSS
62.7%
CVE-2024-12157 HIGH This Month

The Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2025-22395 HIGH This Month

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Privilege Escalation Update Package Framework
NVD
CVSS 3.1
8.2
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy