CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6314 – IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6314
The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. ... El complemento IQ Testimonials para WordPress es vulnerable a cargas de archivos arbitrarias debido a una validación insuficiente del tipo de archivo en la función 'process_image_upload' en versiones hasta la 2.2.7 incluida. • https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296 https://www.wordfence.com/threat-intel/vulnerabilities/id/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6321 – ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6321
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento ScrollTo Bottom para WordPress es vulnerable a Cross-Site Request Forgery para la carga arbitraria de archivos en versiones hasta la 1.1.1 incluida. • https://plugins.trac.wordpress.org/browser/scrollto-bottom/trunk/scrollto-bottom.php?rev=516875#L256 https://www.wordfence.com/threat-intel/vulnerabilities/id/d560f28f-899c-44cf-8640-55647c1de7dc?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6365 – Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6365
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. ... El complemento Product Table by WBW para WordPress es vulnerable a la ejecución remota de código en todas las versiones hasta la 2.0.1 incluida a través de la función 'saveCustomTitle'. • https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7 https://plugins.trac.wordpress.org/changeset/3113335 https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6320 – ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6320
The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento ScrollTo Top para WordPress es vulnerable a Cross-Site Request Forgery para la carga arbitraria de archivos en versiones hasta la 1.2.2 incluida. • https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238 https://www.wordfence.com/threat-intel/vulnerabilities/id/e11f1a56-d5a2-47a4-a5cc-34345966495a?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7061 – Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7061
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento Advanced File Manager Shortcodes para WordPress es vulnerable a la carga de archivos arbitrarios en todas las versiones hasta la 2.5.3 incluida. • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c? • CWE-434: Unrestricted Upload of File with Dangerous Type •