CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54372 – WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-54372
11 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. ... This makes it possible for unauthenticated attackers to execute remote code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/insertify/vulnerability/wordpress-insertify-plugin-1-1-4-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12333 – WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12333
11 Dec 2024 — The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54368 – WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-54368
11 Dec 2024 — GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. ... This makes it possible for unauthenticated attackers to execute remote code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/git-sync/vulnerability/wordpress-gitsync-plugin-1-1-0-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11948 – GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11948
11 Dec 2024 — GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. An attacker can leverage this vulnerability to execute... • https://www.zerodayinitiative.com/advisories/ZDI-24-1671 • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11947 – GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11947
11 Dec 2024 — GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. An attacker can leverage this v... • https://www.zerodayinitiative.com/advisories/ZDI-24-1670 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11949 – GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11949
11 Dec 2024 — GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. An attacker can leverage this ... • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 3CVE-2024-10124 – Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10124
11 Dec 2024 — The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://packetstorm.news/files/id/183151 • CWE-284: Improper Access Control •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54370 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54370
11 Dec 2024 — The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54285 – WordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-54285
11 Dec 2024 — The SeedProd Pro plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 6.18.13. This makes it possible for authenticated attackers, with Editor-level access and above, to include remote files on the server, resulting in code execution. • https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11611 – AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11611
11 Dec 2024 — AutomationDirect C-More EA9 EAP9 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AutomationDirect C-More EA9. ... An attacker can leverage this vulnerability to execute code in the context of the c... • https://certvde.com/en/bulletins/bulletins/2182-automationdirect-c-more-ea9-programming-software • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •