CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51420 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-51420
Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en Soft8Soft LLC Verge3D Publishing and E-Commerce. Este problema afecta a Verge3D Publishing and E-Commerce: desde n/a hasta 4.5.2. • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51421 – WordPress Verge3D Plugin <= 4.5.2 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-51421
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Soft8Soft LLC Verge3D Publishing and E-Commerce. Este problema afecta a Verge3D Publishing and E-Commerce: desde n/a hasta 4.5.2. The Verge3D Publishing and E-Commerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'v3d_upload_app_file' function in all versions up to, and including, 4.5.2. This makes it possible for authenticated attackers, with subscriber access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/verge3d/wordpress-verge3d-plugin-4-5-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •