CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5630 – Insert or Embed Articulate Content into WordPress < 4.3000000024 - Author+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-5630
24 Jun 2024 — The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. El complemento Insert or Embed Articulate Content into de WordPress anterior a 4.3000000024 no impide que los autores carguen archivos arbitrarios al sitio, lo que puede permitirles cargar shells PHP en los sitios afectados. The Insert or Embed Articulate Content into WordPress plugin for WordPress i... • https://wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-0757 – Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
https://notcve.org/view.php?id=CVE-2024-0757
14 May 2024 — The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files El complemento Insert or Embed Articulate Content en WordPress hasta 4.3000000023 no filtra correctamente qué extensiones de archivo pueden importarse en el servidor, lo que permite cargar código malicioso dentro de archivos zip. The Insert or Embed Articulate Content into WordPres... • https://github.com/hunThubSpace/CVE-2024-0757-Exploit • CWE-434: Unrestricted Upload of File with Dangerous Type •