

Obfuscated Malicious NPM Package Masquerading as an Ethereum Tool Deploys Quasar RAT – Active IOCs
January 2, 2025
NJRAT – Active IOCs
January 2, 2025
Severity
Medium
Analysis Summary
CVE-2024-56049 CVSS:6.4
WPLMS plugin for WordPress could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences to delete arbitrary files on the system.
CVE-2024-52485 CVSS:6.5
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Menu Image: from n/a through 2.2.
CVE-2024-55997 CVSS:6.5
Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-56049
- CVE-2024-52485
- CVE-2024-55997
Affected Vendors
Affected Products
- WPLMS plugin for WordPress 1.9.9.2
- Yudiz Solutions Ltd. WP Menu Image - n/a
- Web Chunky Order Delivery and Pickup Location Date Time - n/a
Remediation
Upgrade to the latest versions of the affected plugins, available from the WordPress Plugin Directory.