CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49286 – WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability
https://notcve.org/view.php?id=CVE-2024-49286
The SSV Events plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.2.7. • https://patchstack.com/database/vulnerability/ssv-events/wordpress-ssv-events-plugin-3-2-7-local-file-inclusion-to-rce-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49257 – WordPress Azz Anonim Posting plugin <= 0.9 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49257
The Azz Anonim Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the AzzapUploadHandler class in all versions up to, and including, 0.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49254 – WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49254
The ajax-extend plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the ajax_operation function. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49253 – WordPress Analyse Uploads plugin <= 0.5 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49253
The Analyse Uploads plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the jpn_time_to_die() function in all versions up to, and including, 0.5. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/analyse-uploads/wordpress-analyse-uploads-plugin-0-5-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49216 – WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49216
The Feed Comments Number plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFont() function in all versions up to, and including, 0.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/feed-comments-number/wordpress-feed-comments-number-plugin-0-2-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •