Severity
High
Analysis Summary
CVE-2024-44017 CVSS:7.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MinHyeong Lim MH Board allows PHP Local File Inclusion. This issue affects MH Board: from n/a through 1.3.2.1.
CVE-2024-44030 CVSS:7.2
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP: from n/a through 8.6.
CVE-2024-47335 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11.
CVE-2024-47338 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExpertsio WPExperts Square For GiveWP allows SQL Injection. This issue affects WPExperts Square For GiveWP: from n/a through 1.3.
CVE-2024-44028 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Nicejob NiceJob allows Stored XSS. This issue affects NiceJob: from n/a before 3.6.5.
CVE-2024-45454 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Reflected XSS. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.
CVE-2024-47300 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Stored XSS. This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.1.
CVE-2024-47306 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 4.2.3.
CVE-2024-47320 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WS Form WS Form LITE allows Stored XSS. This issue affects WS Form LITE: from n/a through 1.9.238.
CVE-2024-47322 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows Reflected XSS. This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.
CVE-2024-47326 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Share This Image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01.
CVE-2024-47333 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Team Tangible Loops & Logic allows Reflected XSS. This issue affects Loops & Logic: from n/a through 4.1.4.
CVE-2024-47339 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Ward WP Mail Catcher allows Reflected XSS. This issue affects WP Mail Catcher: from n/a through 2.1.9.
CVE-2024-47346 CVSS:7.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.1.
Impact
- Gain Access
- Data Manipulation
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-44017
- CVE-2024-44030
- CVE-2024-47335
- CVE-2024-47338
- CVE-2024-44028
- CVE-2024-45454
- CVE-2024-47300
- CVE-2024-47306
- CVE-2024-47320
- CVE-2024-47322
- CVE-2024-47326
- CVE-2024-47333
- CVE-2024-47339
- CVE-2024-47346
Affected Vendors
- MinHyeong Lim
- Mestres do WP
- Bit Form
- WPExpertsio
- Nicejob
- Unlimited Elements
- CubeWP
- Copy Content Protection Team
- WS Form
- Ex-Themes
- ILLID
- Team Tangible
- James Ward
- Tribulant
Affected Products
- MinHyeong Lim MH Board - n/a through 1.3.2.1
- Mestres do WP Checkout Mestres WP - n/a through 8.6
- Bit Form – Contact Form Plugin - n/a through 2.13.11
- WPExperts Square For GiveWP - n/a through 1.3
- NiceJob - n/a before 3.6.5
- Unlimited Elements For Elementor (Free Widgets, Addons, Templates) - n/a through 1.5.121
- CubeWP Forms – All-in-One Form Builder - n/a through 1.1.1
- Copy Content Protection Team Secure Copy Content Protection and Content Locking - n/a through 4.2.3
- WS Form LITE - n/a through 1.9.238
- Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin - n/a through 3.6.7
- ILLID Share This Image - n/a through 2.01
- Team Tangible Loops & Logic - n/a through 4.1.4
- James Ward WP Mail Catcher - n/a through 2.1.9
- Tribulant Newsletters - n/a through 4.9.9.1
Remediation
Upgrade each affected plugin to a release later than the affected range listed above, available from the WordPress Plugin Directory (or from the vendor's own site for plugins not distributed there). Where no fixed release is available yet, deactivate the plugin until one is published. Note that "through X" means version X itself is still vulnerable, while "before X" means X is the first fixed release.
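To turn the ranges above into a check that can be run against a site, the following Python script is an added example (not part of the original advisory, and not tooling from any of the plugin vendors). It encodes the affected ranges, compares versions numerically rather than as strings (a string compare would rank WS Form LITE 1.9.24 above 1.9.238 and miss it), and honours the inclusive "through" versus exclusive "before" bounds. It matches plugins by display name as returned by `wp plugin list --fields=title,version --format=json`; that matching by title is an assumption, since a plugin's header title can differ from the directory name, so treat a non-match as unverified rather than safe. The sample plugin list is constructed, not captured from a real site.

```python
import json
import re
from typing import Dict, List, Tuple

# Affected ranges transcribed from the advisory above. The bound is the highest
# version named in each entry: "through X" means X itself is vulnerable
# (inclusive), "before X" means X is the first fixed release (exclusive).
AFFECTED: List[Tuple[str, str, str, bool]] = [
    # (CVE, plugin display name, upper bound, bound_inclusive)
    ("CVE-2024-44017", "MH Board", "1.3.2.1", True),
    ("CVE-2024-44030", "Checkout Mestres WP", "8.6", True),
    ("CVE-2024-47335", "Bit Form – Contact Form Plugin", "2.13.11", True),
    ("CVE-2024-47338", "WPExperts Square For GiveWP", "1.3", True),
    ("CVE-2024-44028", "NiceJob", "3.6.5", False),
    ("CVE-2024-45454", "Unlimited Elements For Elementor (Free Widgets, Addons, Templates)", "1.5.121", True),
    ("CVE-2024-47300", "CubeWP Forms – All-in-One Form Builder", "1.1.1", True),
    ("CVE-2024-47306", "Secure Copy Content Protection and Content Locking", "4.2.3", True),
    ("CVE-2024-47320", "WS Form LITE", "1.9.238", True),
    ("CVE-2024-47322", "WP Timeline – Vertical and Horizontal timeline plugin", "3.6.7", True),
    ("CVE-2024-47326", "Share This Image", "2.01", True),
    ("CVE-2024-47333", "Loops & Logic", "4.1.4", True),
    ("CVE-2024-47339", "WP Mail Catcher", "2.1.9", True),
    ("CVE-2024-47346", "Newsletters", "4.9.9.1", True),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.9.238' or '1.3.2.1-beta' into a tuple of ints for numeric comparison.

    Non-numeric suffixes are dropped on purpose: the advisory ranges only use
    dotted numerics, and a pre-release of a vulnerable version is still vulnerable.
    """
    parts: List[int] = []
    for piece in re.split(r"[.\-]", text.strip()):
        m = re.match(r"\d+", piece)
        if m:
            parts.append(int(m.group()))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; shorter tuples are zero-padded so '1.3' == '1.3.0'."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def is_affected(installed: str, bound: str, inclusive: bool) -> bool:
    """True if the installed version is below the bound (or equal, when inclusive)."""
    c = compare_versions(installed, bound)
    return c <= 0 if inclusive else c < 0


def _norm(title: str) -> str:
    """Normalise display names so en/em dashes, spacing and case do not break a match."""
    flat = title.replace("\u2013", "-").replace("\u2014", "-")
    return re.sub(r"\s+", " ", flat).strip().lower()


def check_plugins(wp_plugin_list_json: str) -> List[Dict[str, str]]:
    """Match `wp plugin list --fields=title,version --format=json` output against AFFECTED."""
    findings: List[Dict[str, str]] = []
    for plugin in json.loads(wp_plugin_list_json):
        title = _norm(plugin.get("title", ""))
        for cve, product, bound, inclusive in AFFECTED:
            if title == _norm(product) and is_affected(plugin["version"], bound, inclusive):
                findings.append({
                    "cve": cve,
                    "plugin": plugin["title"],
                    "installed": plugin["version"],
                    "affected_range": ("through " if inclusive else "before ") + bound,
                })
    return findings


# Constructed sample of `wp plugin list` output (not captured from a real site).
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"title": "MH Board", "version": "1.3.2.1"},      # at the inclusive bound: affected
    {"title": "NiceJob", "version": "3.6.5"},         # at the exclusive bound: fixed
    {"title": "WS Form LITE", "version": "1.9.24"},   # string compare would wrongly call this safe
    {"title": "Newsletters", "version": "4.9.9.2"},   # one patch above the bound: not affected
    {"title": "Hello Dolly", "version": "1.7.2"},     # not in the advisory
])

if __name__ == "__main__":
    for f in check_plugins(SAMPLE_WP_PLUGIN_LIST):
        print(f"{f['cve']}: {f['plugin']} {f['installed']} (affected {f['affected_range']})")
```

On a live site, pipe the real listing in with `wp plugin list --fields=title,version --format=json` and feed it to `check_plugins`; any plugin in the advisory that does not match by title should be checked by hand against its version header before it is treated as clean.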