CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42698 – WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2022-42698
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Vulnerabilidad de carga arbitraria de archivos no autenticada en el complemento WordPress Api2Cart Bridge Connector en WordPress en versiones <= 1.1.0. The Api2Cart Bridge Connector plugin for WordPress is vulnerable to arbitrary file uploads due to missing or incorrect file type validation in versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve https://wordpress.org/plugins/api2cart-bridge-connector/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42497 – WordPress Api2Cart Bridge Connector plugin <= 1.1.0 - Arbitrary Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2022-42497
Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. Vulnerabilidad de ejecución de código arbitrario en el complemento Api2Cart Bridge Connector en WordPress en versiones <= 1.1.0. The Api2Cart Bridge Connector plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.0. This allows unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/api2cart-bridge-connector/wordpress-api2cart-bridge-connector-plugin-1-1-0-arbitrary-code-execution-vulnerability?_s_id=cve https://wordpress.org/plugins/api2cart-bridge-connector/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •