Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2024
CVE-2024-56042
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVSS Score
9.3
EPSS Score
0.002
Published
2024-12-31
CVE-2024-56046
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.
CVSS Score
10.0
EPSS Score
0.006
Published
2024-12-31
CVE-2024-56265
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-31
CVE-2024-56225
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-12-31
CVE-2024-56226
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-12-31
CVE-2024-56227
Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-31
CVE-2024-56217
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-31
CVE-2024-12105
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.079
Published
2024-12-31
CVE-2024-12106
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.
CVSS Score
9.4
EPSS Score
0.125
Published
2024-12-31
CVE-2024-12108
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS Score
9.6
EPSS Score
0.116
Published
2024-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved