CVE-2024-50523 – WordPress All Post Contact Form plugin <= 1.7.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50523
30 Oct 2024 — The All Post Contact Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.8. • https://patchstack.com/database/vulnerability/allpost-contactform/wordpress-all-post-contact-form-plugin-1-6-7-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50525 – WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50525
30 Oct 2024 — The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.4. • https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50526 – WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50526
30 Oct 2024 — The Multi Purpose Mail Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability-2? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50527 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50527
30 Oct 2024 — The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.2.3. • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50531 – WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50531
30 Oct 2024 — The RSVPMaker for Toastmasters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2.4. • https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50507 – WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-50507
28 Oct 2024 — The DS.DownloadList plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/dsdownloadlist/wordpress-ds-downloadlist-plugin-1-3-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2024-50510 – WordPress AR For Woocommerce plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50510
28 Oct 2024 — The AR for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2. • https://patchstack.com/database/vulnerability/ar-for-woocommerce/wordpress-ar-for-woocommerce-plugin-6-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9988 – Crypto <= 2.15 - Authentication Bypass via register
https://notcve.org/view.php?id=CVE-2024-9988
28 Oct 2024 — The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. ... The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. • https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L91 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-9990 – Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9990
28 Oct 2024 — The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. • https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L31 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-9989 – Crypto <= 2.15 - Authentication Bypass via log_in
https://notcve.org/view.php?id=CVE-2024-9989
28 Oct 2024 — The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. ... The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.18. • https://plugins.trac.wordpress.org/browser/crypto/tags/2.10/includes/class-crypto_connect_ajax_register.php#L138 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •