Latest high severity Vulnerabilities

CVE-2024-22120
Time Based SQL Injection in Zabbix Server Audit Log
CVE-2024-32960
WordPress Booking Ultra Pro plugin 1.1.12 - Privilege Escalation vulnerability
CVE-2024-32959
WordPress Sirv plugin <= 7.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2024-32830
WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability
CVE-2024-5052
Resource consumption vulnerability in Cerberus FTP Enterprise
CVE-2024-32809
WordPress ActiveDEMAND plugin <= 0.2.41 - Arbitrary File Upload vulnerability
CVE-2024-32692
WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability
CVE-2024-32680
WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
CVE-2024-32523
WordPress Mailster plugin <= 4.0.6 - Unauthenticated Local File Inclusion vulnerability
CVE-2024-32511
WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-32507
WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
CVE-2024-31300
WordPress Easy Social Share Buttons plugin <= 9.4 - Local File Inclusion vulnerability
CVE-2024-31290
WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-31237
WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability
CVE-2024-31232
WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability
CVE-2024-31231
WordPress Rehub theme <= 19.6.1 - Unauthenticated Local File Inclusion vulnerability
CVE-2024-30542
WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-27971
WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability
CVE-2024-27955
WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability
CVE-2024-27954
WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability
CVE-2024-24934
WordPress Elementor plugin <= 3.19.0 - Arbitrary File Deletion and Phar Deserialization vulnerability
CVE-2024-24882
WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability
CVE-2024-24869
WordPress Total Upkeep plugin <= 1.15.8 - Arbitrary File Download vulnerability
CVE-2024-22157
WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability
CVE-2024-22145
WordPress InstaWP Connect plugin <= 0.1.0.8 - Arbitrary Option Update to Privilege Escalation vulnerability
CVE-2023-51546
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability
CVE-2023-51483
WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability
CVE-2023-51481
WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability
CVE-2023-51479
WordPress Build App Online plugin <= 1.0.19 - Authenticated Privilege Escalation vulnerability
CVE-2023-51476
WordPress WP MLM Unilevel plugin <= 4.0 - Unauthenticated Account Takeover vulnerability
CVE-2023-51424
WordPress WebinarIgnition plugin <= 3.05.0 - Unauthenticated Privilege Escalation vulnerability
CVE-2023-51398
WordPress Ultimate Addons for Beaver Builder Premium plugin <= 1.35.14 - Privilege Escalation vulnerability
CVE-2023-51356
WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability
CVE-2023-50890
WordPress Ultimate Addons for Elementor plugin <= 1.36.20 - Privilege Escalation vulnerability
CVE-2023-49753
WordPress Adifier System plugin < 3.1.4 - Local File Inclusion vulnerability
CVE-2023-48757
WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability
CVE-2023-47868
WordPress wpForo plugin <= 2.2.3 - Privilege Escalation vulnerability
CVE-2023-47782
WordPress Thrive Theme Builder theme < 3.24.0 - Authenticated Privilege Escalation vulnerability
CVE-2023-47683
WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability
CVE-2023-47682
WordPress WP User Frontend plugin <= 3.6.5 - Authenticated Privilege Escalation vulnerability
CVE-2023-47178
WordPress The Plus Addons for Elementor Pro plugin <= 5.2.8 - Unauthenticated Local File Inclusion vulnerability
CVE-2023-46784
WordPress ICS Calendar plugin <= 10.12.0.3 - SSRF and Arbitrary File Read vulnerability
CVE-2023-46205
WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 - Local File Inclusion vulnerability
CVE-2023-46197
WordPress Popup by Supsystic plugin <= 1.10.19 - Unauthenticated Subscriber Email Addresses Disclosure
CVE-2023-46145
WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability
CVE-2023-44478
WordPress Events Rich Snippets for Google plugin <= 1.8 - CSRF Leading to Privilege Escalation vulnerability
CVE-2024-30527
WordPress WP Express Checkout plugin <= 2.3.7 - Price Manipulation vulnerability
CVE-2024-33549
WordPress WZone plugin <= 14.0.10 - Privilege Escalation vulnerability
CVE-2024-33550
WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability
CVE-2024-33552
WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203