CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52397 – WordPress Convert Docx2post plugin <= 1.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52397
13 Nov 2024 — The Convert Docx2post plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/convert-docx2post/wordpress-convert-docx2post-plugin-1-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52398 – WordPress CDI plugin <= 5.5.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52398
13 Nov 2024 — The CDI – Collect and Deliver Interface for Woocommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.5.3. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/collect-and-deliver-interface-for-woocommerce/wordpress-cdi-plugin-5-5-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52399 – WordPress Writer Helper plugin <= 3.1.6 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52399
13 Nov 2024 — The Writer Helper plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/writer-helper/wordpress-writer-helper-plugin-3-1-6-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52400 – WordPress Gallerio plugin <= 1.01 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52400
13 Nov 2024 — The Gallerio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.01. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/gallerio/wordpress-gallerio-plugin-1-01-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52403 – WordPress User Management plugin <= 1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52403
13 Nov 2024 — The User Management plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/user-management/wordpress-user-management-plugin-1-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52404 – WordPress CF7 Reply Manager plugin <= 1.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52404
13 Nov 2024 — The CF7 Reply Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/cf7-reply-manager/wordpress-cf7-reply-manager-plugin-1-2-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52405 – WordPress B-Banner Slider plugin <= 1.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52405
13 Nov 2024 — The B-Banner Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/b-banner-slider/wordpress-b-banner-slider-plugin-1-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52406 – WordPress CSV to html plugin <= 3.04 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52406
13 Nov 2024 — The CSV to html plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/csv-to-html/wordpress-csv-to-html-plugin-3-04-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52407 – WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52407
13 Nov 2024 — The WordPress BasePress Migration Tools plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/basepress-migration-tools/wordpress-basepress-migration-tools-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52408 – WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52408
13 Nov 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Team PushAssist Push Notifications for WordPress by PushAssist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through 3.0.8. The Push Notifications for WordPress by PushAssist plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.0.8. This makes it possible for aut... • https://patchstack.com/database/vulnerability/push-notification-for-wp-by-pushassist/wordpress-push-notifications-for-wordpress-by-pushassist-plugin-3-0-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •