CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50482 – WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50482
25 Oct 2024 — The Woocommerce Product Design plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50483 – WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2024-50483
25 Oct 2024 — The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. ... WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability. • https://patchstack.com/database/vulnerability/meetup/wordpress-meetup-plugin-0-1-broken-authentication-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50484 – WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50484
25 Oct 2024 — The Multi Purpose Mail Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50485 – WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50485
25 Oct 2024 — The Exam Matrix plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5. • https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50486 – WordPress Acnoo Flutter API plugin <= 1.0.5 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50486
25 Oct 2024 — The Acnoo Flutter API plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.5. • https://patchstack.com/database/vulnerability/acnoo-flutter-api/wordpress-acnoo-flutter-api-plugin-1-0-5-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50487 – WordPress MaanStore API plugin <= 1.0.1 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50487
25 Oct 2024 — The MaanStore API plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.1. • https://patchstack.com/database/vulnerability/maanstore-api/wordpress-maanstore-api-plugin-1-0-1-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50489 – WordPress Realty Workstation plugin <= 1.0.45 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-50489
25 Oct 2024 — The Realty Workstation plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.45. • https://patchstack.com/database/vulnerability/realty-workstation/wordpress-realty-workstation-plugin-1-0-45-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50490 – WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-50490
25 Oct 2024 — The PegaPoll plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. • https://patchstack.com/database/vulnerability/pegapoll/wordpress-pegapoll-plugin-1-0-2-arbitrary-option-update-to-privilege-escalation-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50493 – WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50493
25 Oct 2024 — The Automatic Translation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. • https://patchstack.com/database/vulnerability/automatic-translation/wordpress-automatic-translation-plugin-1-0-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50494 – WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50494
25 Oct 2024 — The Sudan Payment Gateway for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2.2. • https://patchstack.com/database/vulnerability/wc-sudan-payment-gateway/wordpress-sudan-payment-gateway-for-woocommerce-plugin-1-2-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •