CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49326 – WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49326
17 Oct 2024 — The Affiliator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.1.3. • https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49327 – WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49327
17 Oct 2024 — The Woostagram Connect plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-49328 – WordPress WP REST API FNS Plugin plugin <= 1.0.0 - Account Takeover vulnerability
https://notcve.org/view.php?id=CVE-2024-49328
17 Oct 2024 — The WP REST API FNS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-plugin-1-0-0-account-takeover-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49329 – WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49329
17 Oct 2024 — The WP REST API FNS Plugin plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49330 – WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49330
17 Oct 2024 — The Nice Backgrounds plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/nicebackgrounds/wordpress-nice-backgrounds-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49332 – WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49332
17 Oct 2024 — The Giveaway Boost plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.4 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/giveaway-boost/wordpress-giveaway-boost-plugin-2-1-4-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49610 – WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49610
17 Oct 2024 — The photokit plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/photokit/wordpress-photokit-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49611 – WordPress Product Website Showcase plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49611
17 Oct 2024 — The Product Website Showcase plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/product-websites-showcase/wordpress-product-website-showcase-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49622 – WordPress Apa Banner Slider plugin <= 1.0.0 - CSRF to SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49622
17 Oct 2024 — The Apa Banner Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/apa-banner-slider/wordpress-apa-banner-slider-plugin-1-0-0-csrf-to-sql-injection-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49324 – WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49324
17 Oct 2024 — The Plugin Name: Sovratec Case Management plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •