CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48028 – WordPress IP Loc8 plugin <= 1.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48028
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/vulnerability/ip-loc8/wordpress-ip-loc8-plugin-1-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48035 – WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48035
The ACF Images Search And Insert plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/acf-images-search-and-insert/wordpress-acf-images-search-and-insert-plugin-1-1-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45746
https://notcve.org/view.php?id=CVE-2024-45746
This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). • https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html https://www.trustedfirmware.org/projects/tf-m • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48026 – WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48026
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://patchstack.com/database/vulnerability/disc-golf-manager/wordpress-disc-golf-manager-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48034 – WordPress Creates 3D Flipbook, PDF Flipbook plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-48034
The Creates 3D Flipbook, PDF Flipbook in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/create-flipbook-from-pdf/wordpress-creates-3d-flipbook-pdf-flipbook-plugin-1-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •