CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49216 – WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49216
The Feed Comments Number plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFont() function in all versions up to, and including, 0.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/feed-comments-number/wordpress-feed-comments-number-plugin-0-2-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49242 – WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49242
The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-41997
https://notcve.org/view.php?id=CVE-2024-41997
An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine. • https://docs.warp.dev/features/integrations-and-plugins#docker https://docs.warp.dev/getting-started/changelog#id-2024.07.18-v0.2024.07.16.08.02 https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a7832 https://github.com/warpdotdev/warp • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. ... The Limb Gallery | Create Beautiful Image & Video Galleries plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the GRSUploadHandler class in all versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49271 – WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49271
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.121 via the template engine. This is due to the plugin not properly restricting functions that can be called and passed to code execution functions. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •