CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. ... This makes it possible for unauthenticated attackers to execute code on the server.
• https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php
• https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7
• https://plugins.trac.wordpress.org/changeset/3113335
• https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72
• https://www.wordfence.com/threat-intel/vulnerabilities/id/52cce49b-49b3-49b0-9f18-4829f07a420f?source=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress
• https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
• https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296
• https://www.wordfence.com/threat-intel/vulnerabilities/id/bec50640-a550-49a8-baf6-2dd53995f90b?source=cve
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L131
• https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L41
• https://www.wordfence.com/threat-intel/vulnerabilities/id/ccc75dee-1cf8-4fda-b2a1-f5d68e6c7887?source=cve
• CWE-352: Cross-Site Request Forgery (CSRF)