CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50457 – WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-50457
24 Oct 2024 — : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.6.3. The Qode Essential Addons plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing th... • https://patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-6-3-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.9EPSS: 14%CPEs: 1EXPL: 1CVE-2023-47840 – WordPress Qode Essential Addons Plugin <= 1.5.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-47840
27 Nov 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2. Vulnerabilidad de control inadecuado de la generación de código ("inyección de código") en Qode Interactive Qode Essential Addons. Este problema afecta a Qode Essential Addons: desde n/a hasta 1.5.2. The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check ... • https://github.com/RandomRobbieBF/CVE-2023-47840 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •