
CVSS: 9.8 • EPSS: 23% • CPEs: 1 • EXPL: 1

28 Oct 2024 — The Woocommerce Product Design plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 • EPSS: 20% • CPEs: 1 • EXPL: 1

28 Oct 2024 — The AR for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ar-for-woocommerce/wordpress-ar-for-woocommerce-plugin-6-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

28 Oct 2024 — The WP donimedia carousel plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-donimedia-carousel/wordpress-wp-donimedia-carousel-plugin-1-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3 • EPSS: 68% • CPEs: 1 • EXPL: 1

27 Oct 2024 — The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above, to create an export file with the .php extension on the affected site's server, adding arbitrary PHP code to it, which may make remote code execution possible. • https://github.com/d0n601/CVE-2024-9162 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8 • EPSS: 57% • CPEs: 1 • EXPL: 2

25 Oct 2024 — The WordPress eCommerce – ScottCart plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.1. ... WordPress ScottCart plugin versions 1.1 and below suffer from a remote code execution vulnerability. • https://patchstack.com/database/vulnerability/scottcart/wordpress-scottcart-plugin-1-1-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0 • EPSS: 70% • CPEs: 1 • EXPL: 2

25 Oct 2024 — The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://github.com/RandomRobbieBF/CVE-2024-9932 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 28% • CPEs: 1 • EXPL: 1

25 Oct 2024 — The Ajar in5 Embed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ajar-productions-in5-embed/wordpress-ajar-in5-embed-plugin-3-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Oct 2024 — The Marketing Automation by AZEXO plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.27.80. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/marketing-automation-by-azexo/wordpress-marketing-automation-by-azexo-plugin-1-27-80-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 28% • CPEs: 1 • EXPL: 1

25 Oct 2024 — The Woocommerce Product Design plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Oct 2024 — The Multi Purpose Mail Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •