CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49657 – WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-49657
21 Oct 2024 — The 3D Work In Progress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/vulnerability/renee-work-in-progress/wordpress-3d-work-in-progress-plugin-1-0-3-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49658 – WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49658
21 Oct 2024 — The Woocommerce Custom Profile Picture plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/woo-custom-profile-picture/wordpress-woocommerce-custom-profile-picture-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49669 – WordPress INK Official plugin <= 4.1.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49669
21 Oct 2024 — The INK Official plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ink-official/wordpress-ink-official-plugin-4-1-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49671 – WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49671
21 Oct 2024 — The AI Image Generator for Your Content & Featured Images – AI Postpix plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ai-postpix/wordpress-ai-postpix-plugin-1-1-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49676 – WordPress Custom Icons for Elementor plugin <= 0.3.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49676
21 Oct 2024 — The Custom Icons for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/custom-icons-for-elementor/wordpress-custom-icons-for-elementor-plugin-0-3-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 54%CPEs: 1EXPL: 1CVE-2024-49668 – WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49668
21 Oct 2024 — The Verbalize WP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/verbalize-wp/wordpress-verbalize-wp-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 59%CPEs: 2EXPL: 3CVE-2024-9593 – Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9593
18 Oct 2024 — The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. • https://github.com/RandomRobbieBF/CVE-2024-9593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49324 – WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49324
17 Oct 2024 — The Plugin Name: Sovratec Case Management plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49326 – WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49326
17 Oct 2024 — The Affiliator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49327 – WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49327
17 Oct 2024 — The Woostagram Connect plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •