CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52379 – WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52379
11 Nov 2024 — The kineticPay for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.8. • https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-52380 – WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52380
11 Nov 2024 — The Picsmize plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/picsmize/wordpress-picsmize-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52382 – WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-52382
11 Nov 2024 — The Matix Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on a function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://patchstack.com/database/vulnerability/medma-matix/wordpress-matix-popup-builder-plugin-1-0-0-arbitrary-option-update-to-privilege-escalation-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10547 – WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10547
08 Nov 2024 — The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. • https://codecanyon.net/item/wp-membership/10066554 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10470 – WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
https://notcve.org/view.php?id=CVE-2024-10470
08 Nov 2024 — The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. • https://github.com/RandomRobbieBF/CVE-2024-10470 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10586 – Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10586
08 Nov 2024 — The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. ... The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. • https://github.com/RandomRobbieBF/CVE-2024-10586 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10284 – CE21 Suite <= 2.2.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-10284
08 Nov 2024 — The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L242 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10285 – CE21 Suite <= 2.2.0 - JWT Token Disclosure
https://notcve.org/view.php?id=CVE-2024-10285
08 Nov 2024 — The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. • https://plugins.trac.wordpress.org/browser/ce21-suite/trunk/single-sign-on-ce21.php?rev=3097700#L237 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-10508 – RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery
https://notcve.org/view.php?id=CVE-2024-10508
08 Nov 2024 — The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. • https://github.com/ubaii/CVE-2024-10508 • CWE-230: Improper Handling of Missing Values •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10589 – Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-10589
08 Nov 2024 — The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. • https://codecanyon.net/item/leopard-wordpress-offload-media/23728788 • CWE-862: Missing Authorization •