CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-10392 – AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10392
30 Oct 2024 — The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and including, 1.8.89. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento AI Power: Complete AI Pack para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta... • https://plugins.trac.wordpress.org/changeset/3176122/gpt3-ai-content-generator#file508 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50523 – WordPress All Post Contact Form plugin <= 1.7.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50523
30 Oct 2024 — The All Post Contact Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/allpost-contactform/wordpress-all-post-contact-form-plugin-1-6-7-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50525 – WordPress Helloprint plugin <= 2.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50525
30 Oct 2024 — The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/helloprint/wordpress-helloprint-plugin-2-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50526 – WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50526
30 Oct 2024 — The Multi Purpose Mail Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability-2? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50527 – WordPress Stacks Mobile App Builder plugin <= 5.2.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50527
30 Oct 2024 — The Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.2.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50529 – WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50529
30 Oct 2024 — The Training – Courses plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/training/wordpress-training-courses-plugin-2-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50530 – WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50530
30 Oct 2024 — The Stars SMTP Mailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/stars-smtp-mailer/wordpress-stars-smtp-mailer-plugin-1-7-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50531 – WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50531
30 Oct 2024 — The RSVPMaker for Toastmasters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 54%CPEs: 1EXPL: 1CVE-2024-7985 – FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7985
29 Oct 2024 — The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/Nxploited/CVE-2024-7985-PoC • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 2%CPEs: 1EXPL: 0CVE-2024-8512 – W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-8512
29 Oct 2024 — The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. ... El complemento W3SPEEDSTER para WordPress es vulnerable a la ejecución remota de código en todas las versiones hasta la 7.26 incluida a través del parámetro 'script' de la función hookBeforeStartOptimization(). • https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740 • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •