CVE-2024-44019 – WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-44019
The Contact Form 7 Campaign Monitor Extension plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.4.67. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/contact-form-7-campaign-monitor-extension/wordpress-contact-form-7-campaign-monitor-extension-plugin-0-4-67-arbitrary-file-deletion-vulnerability? • CWE-862: Missing Authorization
CVE-2024-45348 – Xiaomi Router AX9000 has a post-authorization command injection vulnerability
https://notcve.org/view.php?id=CVE-2024-45348
This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code. • https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-8671 – WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2024-8671
The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/wooevents-calendar-and-event-booking/15598178 https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9113 – FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9113
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-9114 – FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-9114
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. ... An attacker can leverage this vulnerability to execute code in the context of the current process.