CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11949 – GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-11949
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. ... An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-1672 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54270 – WordPress Axeptio plugin <= 2.5.3 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-54270
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/wordpress/plugin/axeptio-sdk-integration/vulnerability/wordpress-axeptio-plugin-2-5-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54285 – WordPress SeedProd Pro plugin <= 6.18.10 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-54285
The SeedProd Pro plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 6.18.10. This makes it possible for authenticated attackers, with Editor-level access and above, to include remote files on the server, resulting in code execution. • https://patchstack.com/database/wordpress/plugin/seedprod-coming-soon-pro-5/vulnerability/wordpress-seedprod-pro-plugin-6-18-10-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54313 – WordPress FULL – Cliente plugin <= 3.1.25 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-54313
This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/wordpress/plugin/full-customer/vulnerability/wordpress-full-cliente-plugin-3-1-25-local-file-inclusion-vulnerability?_s_id=cve • .//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54368 – WordPress GitSync plugin <= 1.1.0 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-54368
GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. ... This makes it possible for unauthenticated attackers to execute remote code via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/wordpress/plugin/git-sync/vulnerability/wordpress-gitsync-plugin-1-1-0-csrf-to-remote-code-execution-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •