CVSS: 10.0EPSS: 54%CPEs: 1EXPL: 1CVE-2024-49668 – WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49668
21 Oct 2024 — The Verbalize WP plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/verbalize-wp/wordpress-verbalize-wp-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 59%CPEs: 2EXPL: 3CVE-2024-9593 – Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9593
18 Oct 2024 — The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. • https://github.com/RandomRobbieBF/CVE-2024-9593 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49324 – WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49324
17 Oct 2024 — The Plugin Name: Sovratec Case Management plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49326 – WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49326
17 Oct 2024 — The Affiliator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49327 – WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49327
17 Oct 2024 — The Woostagram Connect plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49329 – WordPress WP REST API FNS plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49329
17 Oct 2024 — The WP REST API FNS Plugin plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/rest-api-fns/wordpress-wp-rest-api-fns-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49330 – WordPress Nice Backgrounds plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49330
17 Oct 2024 — The Nice Backgrounds plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/nicebackgrounds/wordpress-nice-backgrounds-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49331 – WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49331
17 Oct 2024 — The Property Lot Management System plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Custom-level access (Salesman and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/plms/wordpress-property-lot-management-system-plugin-4-2-38-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 1CVE-2024-49607 – WordPress WP Dropbox Dropins plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49607
17 Oct 2024 — The WP Dropbox Dropins plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-dropbox-dropins/wordpress-wp-dropbox-dropins-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49610 – WordPress photokit plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49610
17 Oct 2024 — The photokit plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/photokit/wordpress-photokit-plugin-1-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •