CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The Recently plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/recently-viewed-most-viewed-and-sold-products-for-woocommerce/wordpress-recently-plugin-1-1-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.0.5. • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The BuddyPress Better Registration plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. • https://patchstack.com/database/vulnerability/better-bp-registration/wordpress-buddypress-better-registration-plugin-1-6-broken-authentication-vulnerability? • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The Table of Contents Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2411. • https://patchstack.com/database/vulnerability/table-of-contents-plus/wordpress-table-of-contents-plus-plugin-2408-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The ajax-extend plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the ajax_operation function. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The Azz Anonim Posting plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the AzzapUploadHandler class in all versions up to, and including, 0.9. • https://patchstack.com/database/vulnerability/azz-anonim-posting/wordpress-azz-anonim-posting-plugin-0-9-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.15. • https://patchstack.com/database/vulnerability/social-auto-poster/wordpress-social-auto-poster-plugin-5-3-15-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The VOD Infomaniak plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. • https://patchstack.com/database/vulnerability/vod-infomaniak/wordpress-vod-infomaniak-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2024 — The IdeaPush plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.69. • https://patchstack.com/database/vulnerability/ideapush/wordpress-ideapush-plugin-8-69-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

11 Oct 2024 — The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. ... Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier. • https://github.com/iSee857/CVE-2024-9047-PoC • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')