CVE-2024-10673 – Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10673
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. • https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247826%40top-store&new=247826%40top-store&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/80510ade-cb58-45b3-89f2-2cbbc5640cae?source=cve • CWE-862: Missing Authorization •
CVE-2024-10674 – Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
https://notcve.org/view.php?id=CVE-2024-10674
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. • https://themes.svn.wordpress.org/th-shop-mania/1.4.9/lib/notification/notify.php https://themes.trac.wordpress.org/browser/th-shop-mania/1.4.9/lib/notification/notify.php https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/b7832d37-19a9-491b-879e-4a22f2ba46ec?source=cve • CWE-862: Missing Authorization •
CVE-2024-10801 – WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/user-extra-fields/12949844 https://www.wordfence.com/threat-intel/vulnerabilities/id/6a60e2c3-4597-4b21-ad20-6a00e483fcf1? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-10871 – Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-10871
This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included. • https://plugins.trac.wordpress.org/browser/category-ajax-filter/tags/2.8.2/includes/functions.php#L180 https://plugins.trac.wordpress.org/changeset/3183800 https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb03d81-ac33-487b-bf4d-927e8104866e?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-51152
https://notcve.org/view.php?id=CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component. • https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee • CWE-434: Unrestricted Upload of File with Dangerous Type •