January 7, 2025
Severity
Medium
Analysis Summary
CVE-2024-54357 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.10.
CVE-2024-56003 CVSS:4.3
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer. This issue affects Caldera SMTP Mailer: from n/a through 1.0.1.
CVE-2024-55999 CVSS:5.3
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator. This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6.
CVE-2024-54348 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS. This issue affects Brand: from n/a through 1.1.6.
CVE-2024-37251 CVSS:4.3
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO. This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
CVE-2024-54354 CVSS:6.5
Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS. This issue affects Termin-Kalender: from n/a through 0.99.47.
CVE-2024-54382 CVSS:4.9
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal. This issue affects Bold Page Builder: from n/a through 5.1.5.
CVE-2024-55996 CVSS:6.1
Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6.
Impact
- Cross-site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-54357
- CVE-2024-56003
- CVE-2024-55999
- CVE-2024-54348
- CVE-2024-37251
- CVE-2024-54354
- CVE-2024-54382
- CVE-2024-55996
Affected Vendors
Affected Products
- ThemeFusion Avada - n/a
- David Cramer Caldera SMTP Mailer - n/a
- Marco Giannini XML Multilanguage Sitemap Generator - n/a
- YayCommerce Brand - n/a
- Beat Kueffer Termin-Kalender - n/a
- BoldThemes Bold Page Builder - n/a
- Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce - n/a
Remediation
Upgrade to the latest versions of the affected plugins, available from the WordPress Plugin Directory.