CVE-2024-49314 – WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49314
15 Oct 2024 — The JiangQie Free Mini Program plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.5.2. • https://patchstack.com/database/vulnerability/jiangqie-free-mini-program/wordpress-jiangqie-free-mini-program-plugin-2-5-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-49318 – WordPress My Reading Library plugin <= 1.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49318
15 Oct 2024 — The My Reading Library plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/my-reading-library/wordpress-my-reading-library-plugin-1-0-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVE-2024-49322 – WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-49322
15 Oct 2024 — Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through 1.0. The Job Board Manager for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/jemployee/wordpress-job-board-manager-for-wordpress-plugin-1-0-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment •
CVE-2024-8507 – File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8507
15 Oct 2024 — The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. • https://www.wordfence.com/threat-intel/vulnerabilities/id/db70b37c-707a-47b8-a3a2-5a2b7d30de89?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-8746 – File Manager Pro <= 8.3.9 - Unauthenticated Backup File Download and Upload
https://notcve.org/view.php?id=CVE-2024-8746
15 Oct 2024 — The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. • https://www.wordfence.com/threat-intel/vulnerabilities/id/88f1eb9a-f3bb-4b62-975f-a6cb95850966?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-9105 – UltimateAI <= 2.8.3 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9105
15 Oct 2024 — The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.8.3. • https://codecanyon.net/item/ultimateai-ai-enhanced-wordpress-plugin-with-saas-for-content-code-chat-and-image-generation/51201953 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-9634 – GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9634
15 Oct 2024 — The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. • https://plugins.trac.wordpress.org/browser/give/tags/3.16.2/src/Donations/Repositories/DonationRepository.php?rev=3157829 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-9893 – Nextend Social Login Pro <= 3.1.14 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-9893
15 Oct 2024 — The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. • https://wordpress.org/plugins/nextend-facebook-connect/#developers • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-49216 – WordPress Feed Comments Number plugin <= 0.2.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49216
14 Oct 2024 — The Feed Comments Number plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFont() function in all versions up to, and including, 0.2.1. • https://patchstack.com/database/vulnerability/feed-comments-number/wordpress-feed-comments-number-plugin-0-2-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-49217 – WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-49217
14 Oct 2024 — The Adding drop down roles in registration plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1. • https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability? • CWE-266: Incorrect Privilege Assignment •