CVE-2024-5975 – CZ Loan Management <= 1.1 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2024-5975
09 Jul 2024 — The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. The CZ Loan Management plugin for WordPress is vulnerable to SQL Injection via the 'selectedperiod' parameter of the 'cz_plugin_for_user_get_percentage' AJAX action in all versions up to, and including, 1.1 due to insufficient escaping on the user-supplied parameter and lack of ... • https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-6309 – Attachment File Icons (AF Icons) <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6309
08 Jul 2024 — The Attachment File Icons (AF Icons) plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. ... • https://plugins.trac.wordpress.org/browser/attachment-file-icons/tags/1.3/attachment-file-icons.php#L130 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-6313 – Gutenberg Forms <= 2.2.9 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6313
08 Jul 2024 — The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. ... • https://plugins.trac.wordpress.org/browser/forms-gutenberg/tags/2.2.9/Utils/Bucket.php#L19 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6314 – IQ Testimonials <= 2.2.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6314
08 Jul 2024 — The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process_image_upload' function in versions up to, and including, 2.2.7. ... • https://plugins.trac.wordpress.org/browser/iq-testimonials/tags/2.2.7/lib/iq-testimonials-form.php#L296 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-6316 – Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6316
08 Jul 2024 — The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. ... • https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L72 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-6317 – Generate PDF using Contact Form 7 <= 4.0.6 - Cross-Site Request Forgery to Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-6317
08 Jul 2024 — The Generate PDF using Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 4.0.6. ... • https://plugins.trac.wordpress.org/browser/generate-pdf-using-contact-form-7/tags/4.0.6/inc/templates/cf7-pdf-generation.admin.html.php#L74 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-6320 – ScrollTo Top <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6320
08 Jul 2024 — The ScrollTo Top plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.2.2. ... • https://plugins.trac.wordpress.org/browser/scrollto-top/trunk/scrollto-top.php?rev=662578#L238 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-6321 – ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6321
08 Jul 2024 — The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. ... • https://plugins.trac.wordpress.org/browser/scrollto-bottom/trunk/scrollto-bottom.php?rev=516875#L256 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-6365 – Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-6365
08 Jul 2024 — The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. ... • https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37934 – WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37934
04 Jul 2024 — The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.4. • https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-8-4-subscriber-arbitrary-shortcode-execution-vulnerability? • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •