Platform

Featured Integrations

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

See our Threat Intelligence Solutions in Action

Solutions

Threat Intelligence solves pervasive challenges

Reduce operational risk through timely, precise, and actionable intelligence.

See Recorded Future’s Intelligence in Action

Products

Services

Research

Minimize operational risks with our timely, precise, and actionable intelligence.

See Recorded Future in Action

Resource Center

Additional Resources

Additional Topics

Resources

Why Recorded Future

About Us

Partner With Us

Join Us

Company

brand-logo-long-black.svg

Rectangular Logo - Digital (RGB).svg

Home

Blog

Careers at Recorded Future

Contact Us

The vulnerability with the CVE ID name CVE-2024-3134 affects the Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress. This vulnerability allows authenticated attackers with contributor access or higher to inject arbitrary web scripts into pages using the title_html_tag attribute. The vulnerability exists in all versions up to and including 2.0.6.0 due to insufficient input sanitization and output escaping. As a result, whenever a user accesses an injected page, the injected scripts will execute. The risk score for this vulnerability is 25, with a base severity of MEDIUM and a base score of 6.4 according to security@wordfence.com. The exploitability score is 3.1, and the privileges required are LOW. The attack vector is through the network, with low impact on integrity and confidentiality. No user interaction is required for exploitation, and there is no availability impact identified.

CVE-2024-3134

CVE-2024-3609 is a vulnerability that affects the ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress. The vulnerability allows authenticated attackers with subscriber access and above to delete attachments due to a missing capability check on the reviewx_remove_guest_image function. This vulnerability exists in all versions of the plugin up to and including 1.6.27. The base severity of this vulnerability is rated as medium, with a base score of 4.3 out of 10. To remediate this vulnerability, users should update to the latest version of the plugin as soon as it becomes available. If left unaddressed, this vulnerability poses a potential risk to organizations as it allows attackers to unauthorizedly delete data from the affected WordPress plugin.

CVE-2024-3609

CVE-2023-28402 is a vulnerability that affects some Intel(R) BIOS Guard firmware. It is classified as a high-risk vulnerability with a base severity score of 7.2. The vulnerability allows a privileged user to potentially enable escalation of privilege through local access. The attack vector is local, meaning physical access to the affected system is required. The impact includes high integrity and confidentiality impact, posing a significant danger to organizations utilizing the affected Intel BIOS Guard firmware. Remediation measures are not provided in the given information.

CVE-2023-28402

CVE-2023-28383 is a vulnerability found in some Intel(R) BIOS PPAM firmware, which may allow a privileged user to potentially enable escalation of privilege through local access. The base severity of this vulnerability is rated as MEDIUM, with a base score of 6.1, and the exploitability score is 0.8. The privileges required for exploitation are considered HIGH, but there is no user interaction required. The attack vector is local, posing a potential danger to organizations with compromised systems. The integrity impact is rated as HIGH while the confidentiality impact is LOW. This vulnerability has a CVSS vector string of CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N and an impact score of 4.7. Remediation measures or further analysis are not specified in the available information from secure@intel.com.

CVE-2023-28383

CVE-2023-27504 is a vulnerability that affects some Intel(R) BIOS Guard firmware. It has a base severity rating of HIGH and a base score of 7.2. The vulnerability allows a privileged user with local access to potentially enable escalation of privilege due to improper conditions check. The exploitability score is 0.8, indicating a high likelihood of exploitation. The impact score for this vulnerability is 5.8, with high integrity and confidentiality impacts. The attack vector is local, and no user interaction is required. Remediating this vulnerability requires addressing the issue in the affected Intel BIOS Guard firmware to prevent privilege escalation attacks. Organizations should be aware of the potential danger it poses, as it could allow unauthorized users to gain elevated privileges and compromise the security of systems using the affected firmware version.

CVE-2023-27504

CVE-2023-24460 is a vulnerability that affects some Intel(R) GPA software installers before version 2023.3. These installers have incorrect default permissions, which could potentially enable an authenticated user to escalate their privileges via local access. The vulnerability has a base severity of HIGH and a base score of 8.2 according to the CVSS version 3.1 scoring system. It requires low privileges and user interaction is required for exploitation. The impact includes high integrity and confidentiality impacts, with the potential danger of privilege escalation within an organization. Remediation should involve updating the affected software to version 2023.3 or later to address the incorrect default permissions issue.

CVE-2023-24460

CVE-2023-22662 is a cyber vulnerability that affects UEFI firmware for certain Intel(R) Server Board S2600BP products. It is categorized as CWE-20, which refers to improper input validation. The vulnerability could potentially be exploited by a privileged user with local access to enable denial of service. The base severity of this vulnerability is medium, with a base score of 5.8. To remediate the issue, it is recommended to apply any patches or updates provided by Intel(R). This vulnerability poses a potential danger to organizations as it could result in a denial of service, impacting the availability of affected systems.

CVE-2023-22662

CVE-2023-22656 is a vulnerability that affects Intel(R) Media SDK and some Intel(R) oneVPL software versions prior to 23.3.5. It is an out-of-bounds read vulnerability that may allow an authenticated user with local access to potentially enable escalation of privilege. The risk score for this vulnerability is 5, indicating a significant level of risk. The base severity is rated as low, with a base score of 3.9, and the exploitability score is 1.3, indicating a relatively low level of difficulty for exploiting this vulnerability. Remediation for this vulnerability involves updating to version 23.3.5 or later of the affected Intel software products.

CVE-2023-22656

CVE-2024-4733 is a vulnerability affecting the ShiftController Employee Shift Scheduling plugin up to version 4.9.57, allowing an authenticated attacker with contributor access or higher to inject a PHP Object via deserialization of untrusted input through the `hc3_session`-cookie. This vulnerability does not contain a POP chain, but if one is present through another plugin or theme on the target system, it could lead to arbitrary file deletion, retrieval of sensitive data, or code execution. The base severity of this vulnerability is rated as HIGH with a base score of 7.5 according to CVSS:3.1 standards. The exploitability score is 1.6, and it requires low privileges and no user interaction. The attack vector is network-based, and it has a high impact on both integrity and confidentiality, as well as high availability impact.

CVE-2024-4733

CVE-2024-5023 is a Command Injection vulnerability in Netflix's ConsoleMe before version 1.4.0. This vulnerability allows for the improper neutralization of special elements used in a command, posing a high danger to organizations. The base severity is rated as critical with a score of 9.6 out of 10, and it has a high impact on both integrity and confidentiality. The exploitability score is 3.1 out of 10, indicating a relatively low level of difficulty for attackers to exploit this vulnerability. To remediate this issue, organizations should update ConsoleMe to version 1.4.0 or later.

CVE-2024-5023

Refine your search

We could not find any results for your search, so why not start with the articles listed below?

Vulnerability Database

A curated collection of proven software vulnerabilities, publicly available for researchers and security teams.

Top 10 Trending CVEs

Newly Added CVEs

Prioritize patching with risk-based vulnerability intel and early alerts

Frequently Asked Questions

What is a vulnerability database?

Is there more than one vulnerability db?

What is a CVE identifier? (CVE ids)

What is the difference between CVE DB and CVE?

Does every vulnerability have a CVE?

How does a vulnerability become a CVE?

What's the difference between CVE and CVSS?

How does a CVE database help vulnerability management?

What are the most popular CVEs?