CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33556 – WordPress XStore Core plugin <= 5.3.8 - Limited Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-33556
Unrestricted Upload of File with Dangerous Type vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. Vulnerabilidad de carga sin restricciones de archivos de tipo peligroso en 8theme XStore Core. Este problema afecta a XStore Core: desde n/a hasta 5.3.8. The XStore Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-limited-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33557 – WordPress XStore Core plugin <= 5.3.8 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-33557
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8. La limitación inadecuada de un nombre de ruta a un directorio restringido ('Path Traversal') vulnerabilidad en 8theme XStore Core permite la inclusión de archivos locales PHP. Este problema afecta a XStore Core: desde n/a hasta 5.3.8. The XStore Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. • https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33558 – WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-33558
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. Vulnerabilidad de autorización faltante en 8theme XStore Core. Este problema afecta a XStore Core: desde n/a hasta 5.3.5. The et-core-plugin plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 5.3.8. This is due to the plugin not properly restricting which files can be downloaded. • https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-limited-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •