Page 128 of 35373 results (0.070 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. ... The ajax-extend plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the ajax_operation function. ... This makes it possible for unauthenticated attackers to execute code on the server. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/analyse-uploads/wordpress-analyse-uploads-plugin-0-5-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/feed-comments-number/wordpress-feed-comments-number-plugin-0-2-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. ... This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •