CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6161 – Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6161
08 Jul 2024 — This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/default-thumbnail-plus/trunk/default-thumbnail-plus.php?rev=597280#L337 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6365 – Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6365
08 Jul 2024 — The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. ... This makes it possible for unauthenticated attackers to execute code on the server. • https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7061 – Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7061
08 Jul 2024 — This makes it possible for authenticated attackers with contributor access or above to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6310 – Advanced AJAX Page Loader <= 2.7.7 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6310
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/advanced-ajax-page-loader/tags/2.7.7/advanced-ajax-page-loader.php#L131 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6314 – IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6314
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6321 – ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6321
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/scrollto-bottom/trunk/scrollto-bottom.php?rev=516875#L256 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6316 – Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6316
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can tri... • https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6320 – ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6320
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6309 – Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6309
08 Jul 2024 — This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-39202
https://notcve.org/view.php?id=CVE-2024-39202
08 Jul 2024 — D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. Se descubrió que el firmware D-Link DIR-823X - 240126 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro dhcpd_startip en /goform/set_lan_settings. • https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •