CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2024 — The WPLMS plugin for WordPress is vulnerable to Remote Code Execution in all versions up to 1.9.9.5 (exclusive). • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-student-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2024 — The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-student-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2024 — The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with instructor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-instructor-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Dec 2024 — The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.3 • EPSS: 30% • CPEs: 1 • EXPL: 1

13 Dec 2024 — The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Nxploited/CVE-2024-9698 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 40% • CPEs: 1 • EXPL: 2

12 Dec 2024 — The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/super-backup-clone-migrate-for-wordpress/12943030 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, u... • https://codecanyon.net/item/subscribe-download/2687305 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 48% • CPEs: 1 • EXPL: 3

11 Dec 2024 — The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. ... The Vayu Blo... • https://packetstorm.news/files/id/183151 • CWE-284: Improper Access Control

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — The SeedProd Pro plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 6.18.13. • https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — The GitSync plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. • https://patchstack.com/database/wordpress/plugin/git-sync/vulnerability/wordpress-gitsync-plugin-1-1-0-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)