Multiple QNAP Products Vulnerabilities

November 26, 2024

Multiple Adobe Products Vulnerabilities

November 27, 2024

Multiple WordPress Plugins Vulnerabilities

November 27, 2024

Severity

High

Analysis Summary

CVE-2024-52470 CVSS:7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through 1.0.

CVE-2024-52471 CVSS:7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37.

CVE-2024-52472 CVSS:7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weather Atlas Weather Atlas Widget allows Reflected XSS.This issue affects Weather Atlas Widget: from n/a through 3.0.1.

Impact

Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2024-52470
CVE-2024-52471
CVE-2024-52472

Affected Vendors

WordPress

Affected Products

Brainvireinfo Dynamic URL SEO - n/a
petesheppard84 Extensions for Elementor - n/a
Weather Atlas Weather Atlas Widget - n/a

Remediation

Upgrade to the latest version, available from the WordPress Plugin Directory.

CVE-2024-52470

CVE-2024-52471

CVE-2024-52472

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

CVE-2025-6554 – Google Chrome Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us