
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. ... • https://help.fooevents.com/docs/topics/changelogs/fooevents-for-woocommerce https://www.wordfence.com/threat-intel/vulnerabilities/id/1080810b-ec9a-44fb-b4da-49b28646a441?source=cve • CWE-285: Improper Authorization •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 9

The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. ... • https://github.com/W01fh4cker/CVE-2024-27198-RCE https://github.com/dinosn/CVE-2024-20931 https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887 https://github.com/seajaysec/Ivanti-Connect-Around-Scan https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887 https://github.com/team890/CVE-2023-2024 https://github.com/actuator/yi https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped https://github.com/UnHackerEnCapital/PDFernetRemotelo https://plug • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 50

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Notselwyn/CVE-2024-1086 https://github.com/amalmurali47/git_rce https://github.com/zgzhang/cve-2024-6387-poc https://github.com/acrono/cve-2024-6387-poc https://github.com/amlweems/xzbot https://github.com/h4x0r-dz/CVE-2024-23897 https://github.com/h4x0r-dz/CVE-2024-3400 https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/h4x0r-dz/CVE-2024-21893.py https://github.com/hakaioffsec/CVE-2024-21338 https://github.com/varwara/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Strategery Migrations plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server which can lead to remote code execution. • https://patchstack.com/database/vulnerability/strategery-migrations/wordpress-strategery-migrations-plugin-1-0-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

The SC filechecker plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote code execution. • https://patchstack.com/database/vulnerability/wp-file-checker/wordpress-sc-filechecker-plugin-0-6-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •