#recon
1
From cvefeed.io
CVE-2023-31279 - AirVantage Unauthorized Device Registration Remote Command Execution
1 1
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage,...
#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence
23h ago
1
From cvefeed.io
CVE-2024-11349 - "AdForest WordPress Authentication Bypass Vulnerability"
1 1
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for...
#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence
17h ago
1
From cvefeed.io
CVE-2024-12066 - WordPress SMSA Shipping Plugin Remote File Deletion Vulnerability
1 1
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and...
#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence
16h ago
1
From cvefeed.io
CVE-2024-12771 - WordPress eCommerce Product Catalog Cross-Site Request Forgery (CSRF)
1 1
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for...
#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence
16h ago