CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48027 – WordPress External featured image from bing plugin <= 1.0.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48027
The External featured image from bing plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/external-featured-image-from-bing/wordpress-external-featured-image-from-bing-plugin-1-0-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48030 – WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48030
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/vulnerability/telecash-ricaricaweb/wordpress-telecash-ricaricaweb-plugin-2-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48028 – WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48028
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/vulnerability/ip-loc8/wordpress-ip-loc8-plugin-1-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48035 – WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48035
The ACF Images Search And Insert plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45746
https://notcve.org/view.php?id=CVE-2024-45746
This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). • https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html https://www.trustedfirmware.org/projects/tf-m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •