CVE-2024-9598 – AMP for WP – Accelerated Mobile Pages <= 1.0.99.1 - Cross-Site Request Forgery to Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-9598
24 Oct 2024 — The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. • https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.98/includes/options/redux-core/inc/class.p.php#L16 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-49668 – WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49668
21 Oct 2024 — The Verbalize WP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/verbalize-wp/wordpress-verbalize-wp-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-49674 – WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49674
21 Oct 2024 — The EKC Tournament Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. • https://patchstack.com/database/vulnerability/ekc-tournament-manager/wordpress-ekc-tournament-manager-plugin-2-2-1-csrf-to-arbitrary-file-upload-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-49615 – WordPress SafetyForms plugin <= 1.0.0 - CSRF to SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49615
18 Oct 2024 — The SafetyForms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/safetymails-forms/wordpress-safetyforms-plugin-1-0-0-csrf-to-sql-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-49617 – WordPress Back Link Tracker plugin <= 1.0.0 - CSRF to SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49617
18 Oct 2024 — The Back Link Tracker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/back-link-tracker/wordpress-back-link-tracker-plugin-1-0-0-csrf-to-sql-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-49621 – WordPress APA Register Newsletter Form plugin <= 1.0.0 - CSRF to SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49621
18 Oct 2024 — The APA Register Newsletter Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/apa-register-newsletter-form/wordpress-apa-register-newsletter-form-plugin-1-0-0-csrf-to-sql-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-49624 – WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49624
18 Oct 2024 — The Advanced Advertising System plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.3.1 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data
CVE-2024-49625 – WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49625
18 Oct 2024 — The SiteBuilder Dynamic Components plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/sitebuilder-dynamic-components/wordpress-sitebuilder-dynamic-components-plugin-1-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data
CVE-2024-49626 – WordPress Shipyaari Shipping Management plugin <= 1.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49626
18 Oct 2024 — The Shipyaari Shipping Management plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/shipyaari-shipping-managment/wordpress-shipyaari-shipping-management-plugin-1-2-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data
CVE-2024-49326 – WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49326
17 Oct 2024 — The Affiliator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.1.3. • https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type