CVE-2024-10124 – Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10124
This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. • https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L28 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/app.php#L46 https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/vayu-sites/core/class-installation.php#L29 https://plugins.trac.wordpress.org/changeset/3173408 https://plugins.trac.wordpress.org/changeset/3203532/vayu-blocks/tags/1.2.0/inc/vayu-sites/app.php https://www.wordfence.com/threat-intel/vulnerabilities/i • CWE-284: Improper Access Control •
CVE-2024-11947 – GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11947
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1670 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-11948 – GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11948
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1671 • CWE-1395: Dependency on Vulnerable Third-Party Component •
CVE-2024-11949 – GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11949
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-54370 – WordPress Video & Photo Gallery for Ultimate Member plugin <= 1.1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54370
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/gallery-for-ultimate-member/vulnerability/wordpress-video-photo-gallery-for-ultimate-member-plugin-1-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •