Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-54381 CVSS:7.1

Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1.

CVE-2024-54383 CVSS:9.8

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

CVE-2024-56055 CVSS:8.5

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.

CVE-2024-56051 CVSS:8.5

Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.

Impact

Code Execution
Gain Access

Indicators of Compromise

CVE

CVE-2024-54381
CVE-2024-54383
CVE-2024-56055
CVE-2024-56051

Affected Vendors

WordPress

Affected Products

VibeThemes WPLMS - n/a
theDotstore Advance Menu Manager - n/a
wpweb WooCommerce PDF Vouchers - n/a

Remediation

Update the WordPress plugin to the latest available version.

Multiple TP-Link VN020 Vulnerabilities

Cobalt Strike Malware – Active IOCs

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan