CVSS: 10.0EPSS: 28%CPEs: 1EXPL: 1CVE-2024-50493 – WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50493
25 Oct 2024 — The Automatic Translation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/automatic-translation/wordpress-automatic-translation-plugin-1-0-4-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50494 – WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50494
25 Oct 2024 — The Sudan Payment Gateway for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wc-sudan-payment-gateway/wordpress-sudan-payment-gateway-for-woocommerce-plugin-1-2-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50495 – WordPress Plugin Propagator plugin <= 0.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50495
25 Oct 2024 — The Plugin Propagator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50496 – WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50496
25 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2. The AR For WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may ... • https://patchstack.com/database/vulnerability/ar-for-wordpress/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 86%CPEs: 1EXPL: 3CVE-2024-50498 – WordPress WP Query Console plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50498
25 Oct 2024 — The WP Query Console plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/wp-query-console/wordpress-wp-query-console-plugin-1-0-remote-code-execution-rce-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50420 – WordPress aDirectory plugin <= 1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50420
24 Oct 2024 — The aDirectory – Directory Listing WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/adirectory/wordpress-adirectory-plugin-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 45%CPEs: 1EXPL: 1CVE-2024-50427 – WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50427
24 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. Este problema afecta a SurveyJS: Drag & Drop WordPress Form Builder: desde n/a hasta 1.9.136. The SurveyJS: Drag & Dr... • https://patchstack.com/database/vulnerability/surveyjs/wordpress-surveyjs-plugin-1-9-136-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50442 – WordPress Royal Elementor Addons and Templates plugin <= 1.3.980 - XML External Entity (XXE) vulnerability
https://notcve.org/view.php?id=CVE-2024-50442
24 Oct 2024 — The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to External Entity Injection in all versions up to, and including, 1.3.980. ... This makes it possible for authenticated attackers, with author-level access and above, to inject external entities and perform other attacks like SSRF and remote code execution in the proper configuration. • https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-and-templates-plugin-1-3-980-xml-external-entity-xxe-vulnerability? • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.9EPSS: 53%CPEs: 1EXPL: 2CVE-2024-49653 – WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49653
21 Oct 2024 — The Portfolleo plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. WordPress Portfolleo plugin versions 1.2 and below suffer from a remote shell upload vulnerability. • https://patchstack.com/database/vulnerability/portfolleo/wordpress-portfolleo-plugin-1-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49652 – WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49652
21 Oct 2024 — The 3D Work In Progress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •