CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51788 – WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51788
08 Nov 2024 — The The Novel Design Store Directory plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.3.0. • https://patchstack.com/database/vulnerability/noveldesign-store-directory/wordpress-the-novel-design-store-directory-plugin-4-3-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51789 – WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51789
08 Nov 2024 — The Image Classify plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/image-classify/wordpress-image-classify-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51790 – WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51790
08 Nov 2024 — The HB AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.0. • https://patchstack.com/database/vulnerability/hb-audio-gallery/wordpress-hb-audio-gallery-plugin-3-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51791 – WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51791
08 Nov 2024 — The Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.8.0. • https://patchstack.com/database/vulnerability/forms-by-made-it/wordpress-forms-plugin-2-8-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51793 – WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51793
08 Nov 2024 — The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.8115. • https://patchstack.com/database/vulnerability/computer-repair-shop/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8615 – WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8615
05 Nov 2024 — The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. ... El complemento JobSearch WP Job Board para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función jobsearch_location_load_excel_file_callback() en todas las versiones hasta la 2.6.7 incluida. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10687 – Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-10687
04 Nov 2024 — The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... El complemento Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, ... • https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10711 – WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-10711
04 Nov 2024 — The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. • https://wordpress.org/plugins/ithemelandco-woo-report/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10392 – AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10392
30 Oct 2024 — The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. ... El complemento AI Power: Complete AI Pack para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función 'handle_image_upload' en todas las versiones hasta la 1.8.89 incluida. • https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-50503 – WordPress User Toolkit plugin <= 1.2.3 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50503
30 Oct 2024 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3. La vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo en Deryck Oñate User Toolkit permite la omisión de autenticación. Este problema afecta a User Toolkit: desde n/a hasta 1.2.3. • https://patchstack.com/database/vulnerability/user-toolkit/wordpress-user-toolkit-plugin-1-2-3-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •