CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6365 – Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6365
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. • https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7 https://plugins.trac.wordpress.org/changeset/3113335 https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6316 – Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6316
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72 https://www.wordfence.com/threat-intel/vulnerabilities/id/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7061 – Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7061
This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6314 – IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6314
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296 https://www.wordfence.com/threat-intel/vulnerabilities/id/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6310 – Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6310
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L131 https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L41 https://www.wordfence.com/threat-intel/vulnerabilities/id/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •