
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Easy CSV Importer BETA plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 7.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/easy-csv-importer/wordpress-easy-csv-importer-plugin-7-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Devexhub Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/devexhub-gallery/wordpress-devexhub-gallery-plugin-2-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Do That Task plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/do-that-task/wordpress-do-that-task-plugin-1-5-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1. The Boat Rental Plugin for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in a function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to upload ar... • https://patchstack.com/database/vulnerability/boat-rental-system/wordpress-boat-rental-plugin-for-wordpress-plugin-1-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in a function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-image/wordpress-instant-image-generator-one-click-image-uploads-from-pixabay-pexels-and-openai-plugin-1-5-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The kineticPay for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/kineticpay-for-woocommerce/wordpress-kineticpay-for-woocommerce-plugin-2-0-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 43% | CPEs: 1 | EXPL: 3

11 Nov 2024 — The Picsmize plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/picsmize/wordpress-picsmize-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-content-generator/wordpress-sage-ai-chatbots-openai-gpt-4-bulk-articles-dalle-3-image-generation-plugin-2-4-9-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Nov 2024 — The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVSS: 10.0 | EPSS: 1% | CPEs: 1 | EXPL: 0

08 Nov 2024 — The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/wp-membership/10066554 • CWE-434: Unrestricted Upload of File with Dangerous Type