Page 3 of 34991 results (0.039 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac218f6-0bfa-480c-9159-d75a027022ba?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. • https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247826%40top-store&new=247826%40top-store&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/80510ade-cb58-45b3-89f2-2cbbc5640cae?source=cve • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. • https://themes.svn.wordpress.org/th-shop-mania/1.4.9/lib/notification/notify.php https://themes.trac.wordpress.org/browser/th-shop-mania/1.4.9/lib/notification/notify.php https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/b7832d37-19a9-491b-879e-4a22f2ba46ec?source=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/6a60e2c3-4597-4b21-ad20-6a00e483fcf1?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: -EPSS: 0%CPEs: -EXPL: 0

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. • https://github.com/havok89/Hoosk/issues/66 •