CVE-2024-11936 – “Zox News Theme Privilege Escalation Vulnerability”
CVE ID: CVE-2024-11936
Published: Jan. 26, 2025, 12:15 p.m. | 38 minutes ago
Description: The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘backup_options’ and ‘restore_options’ functions in all versions up to, and including, 3.16.0. […]
CVE-2024-11641 – VikBooking WordPress CSRF – File Upload Abuse
CVE ID: CVE-2024-11641
Published: Jan. 26, 2025, 12:15 p.m. | 38 minutes ago
Description: The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on the ‘save’ function. This makes […]
Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-st …
Published Date: Jan 26, 2025 (2 hours, 39 minutes ago)
Vulnerabilities has […]
Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
48,000+ internet-facing Fortinet firewalls still open to attack
Despite last week’s confirmation of an …
Published Date: Jan 26, 2025 (1 hour, 50 minutes ago)
[…]
CVE-2024-11090 – “Restrict Content WordPress Sensitive Information Exposure”
CVE ID: CVE-2024-11090
Published: Jan. 26, 2025, 7:15 a.m. | 1 hour, 30 minutes ago
Description: The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract […]
CVE-2024-46881 – Develocity Gradle Enterprise Incorrect Access Control
Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level access control configuration was introduced in Enterprise Config schema version 8. Migration functionality from schema version 8 to versions 9 and 10 (in affected vulnerable versions) does not include the projects section of the configuration. This leads to all of the project settings being […]
CVE-2024-10705 – WordPress Multiple Page Generator Plugin SSRF Vulnerability
CVE ID: CVE-2024-10705
Published: Jan. 26, 2025, 7:15 a.m. | 1 hour, 30 minutes ago
Description: The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the ‘mpg_download_file_by_link’ function. This makes it possible for authenticated attackers, with editor-level access […]
CVE-2025-24858 – Develocity Gradle Enterprise Password Hash Exposure
The following table lists the changes that have been made to the CVE-2025-24858 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
New CVE Received by [email protected] Jan. 26, 2025
Action […]
CVE-2024-10636 – Quiz Maker Business/Developer/Agency WordPress Reflected Cross-Site Scripting
CVE ID: CVE-2024-10636
Published: Jan. 26, 2025, 6:15 a.m. | 30 minutes ago
Description: The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and […]
CVE-2024-10633 – Quiz Maker Business, Developer, and Agency WordPress Plugin Shortcode Injection Vulnerability
CVE ID: CVE-2024-10633
Published: Jan. 26, 2025, 6:15 a.m. | 30 minutes ago
Description: The Quiz Maker Business, Developer, and Agency plugins for WordPress are vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This […]