CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54372 – WordPress Insertify plugin <= 1.1.4 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-54372
The Insertify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. • https://patchstack.com/database/wordpress/plugin/insertify/vulnerability/wordpress-insertify-plugin-1-1-4-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54262 – WordPress Import Export For WooCommerce plugin <= 1.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-54262
The Import Export For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/import-export-for-woocommerce/vulnerability/wordpress-import-export-for-woocommerce-plugin-1-5-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53811 – WordPress WDesignKit plugin <= 1.0.40 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-53811
The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.40. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/wdesignkit/vulnerability/wordpress-wdesignkit-plugin-1-0-40-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53822 – WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-53822
The Pie Register Premium plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to 3.8.3.3 (exclusive). This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/pie-register-premium/vulnerability/wordpress-pie-register-premium-plugin-3-8-3-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11391 – Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-11391
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3199242 https://www.wordfence.com/threat-intel/vulnerabilities/id/f14a658c-1517-4af4-8bd7-c379ac07ab35?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •