CVE-2024-50495 – WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50495
25 Oct 2024 — The Plugin Propagator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.1. • https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50496 – WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50496
25 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 6.2. The AR For WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.6. • https://patchstack.com/database/vulnerability/ar-for-wordpress/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-50498 – WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50498
25 Oct 2024 — The WP Query Console plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-9930 – Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9930
25 Oct 2024 — The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. • https://plugins.trac.wordpress.org/browser/sb-core/trunk/ext/account.php?rev=2715527#L374 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-9931 – Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
https://notcve.org/view.php?id=CVE-2024-9931
25 Oct 2024 — The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. • https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-9932 – Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-9932
25 Oct 2024 — The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. • https://github.com/RandomRobbieBF/CVE-2024-9932 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9933 – WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check
https://notcve.org/view.php?id=CVE-2024-9933
25 Oct 2024 — The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. ... The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. • https://github.com/RandomRobbieBF/CVE-2024-9933 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
24 Oct 2024 — The aDirectory – Directory Listing WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9302 – App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP
https://notcve.org/view.php?id=CVE-2024-9302
24 Oct 2024 — The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb9d676-4fa0-4bdc-af44-5d7e1dd8c6e6?source=cve • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVE-2024-9488 – Comments – wpDiscuz <= 7.6.24 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9488
24 Oct 2024 — The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. • https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/forms/wpdFormAttr/Login/SocialLogin.php • CWE-288: Authentication Bypass Using an Alternate Path or Channel •