CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7258 – WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L537 https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L546 https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/data/js/wppfm_ajaxdatahandling.js#L575 https://plugins.trac.wordpress.org/changeset/3137475 https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd6e18d-9173-4911-af64-5d54c6d2e052?source=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7559 – File Manager Pro <= 8.3.7 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-7559
The File Manager Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in the mk_file_folder_manager AJAX action in all versions up to, and including, 8.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://filemanagerpro.io/file-manager-pro https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b45791-4b85-4a2d-8019-1d438bd694cb?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8480 – Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8480
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/sirv/tags/7.2.7/sirv.php#L6331 https://plugins.trac.wordpress.org/browser/sirv/trunk/sirv.php?rev=3103410#L4647 https://plugins.trac.wordpress.org/changeset/3115018 https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3e628f-b5e7-40fd-9d34-4a3b23e1e0e7?source=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7384 – AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function
https://notcve.org/view.php?id=CVE-2024-7384
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the acym_extractArchive function in all versions up to, and including, 9.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/acymailing/trunk/back/libraries/wordpress/file.php#L47 https://plugins.trac.wordpress.org/changeset/3137644 https://plugins.trac.wordpress.org/changeset?old_path=%2Facymailing&old=3118953&new_path=%2Facymailing&new=3137644&sfp_email=&sfph_mail= https://wordpress.org/plugins/acymailing/#developers https://www.acymailing.com/changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/0c747bc9-582c-4b9f-85a4-469c446d50f5? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-6386 – WPML Multilingual CMS <= 4.6.12 - Authenticated(Contributor+) Remote Code Execution via Twig Server-Side Template Injection
https://notcve.org/view.php?id=CVE-2024-6386
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. ... The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. • https://github.com/realbotnet/CVE-2024-6386 https://github.com/argendo/CVE-2024-6386 https://sec.stealthcopter.com/wpml-rce-via-twig-ssti https://wpml.org https://www.wordfence.com/threat-intel/vulnerabilities/id/f7fc91cc-e529-4362-8269-bf7ee0766e1e? • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •