CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35744 – WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-35744
The Upunzipper plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote code execution. • https://patchstack.com/database/vulnerability/upunzipper/wordpress-upunzipper-plugin-1-0-0-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35746 – WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35746
The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.4.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35658 – WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-35658
The Checkout Field Editor for WooCommerce (Pro) plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.6.2. ... This makes it possible for unauthenticated attackers to delete arbitrary files which can be leveraged to achieve remote code execution. • https://patchstack.com/database/vulnerability/woocommerce-checkout-field-editor-pro/wordpress-checkout-field-editor-for-woocommerce-pro-plugin-3-6-2-unauthenticated-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3412 – WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-3412
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento WP STAGING WordPress Backup Plugin – Migration Backup Restore para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validación del tipo de archivo en la acción wpstg_processing AJAX en todas las versiones hasta la 3.4.3 incluida. • https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6743 – Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import
https://notcve.org/view.php?id=CVE-2023-6743
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. ... El complemento Unlimited Elements For Elementor (widgets, complementos y plantillas gratuitos) para WordPress es vulnerable a la ejecución remota de código en todas las versiones hasta la 1.5.89 incluida a través de la función de importación de plantillas. • https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765 https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948 https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6 https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-8 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •