CVE-2024-4098 – Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-4098
19 Jun 2024 — The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. ... • https://plugins.trac.wordpress.org/browser/shariff/trunk/shariff.php#L410 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5432 – Lifeline Donation <= 1.2.6 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2024-5432
19 Jun 2024 — The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. ... • https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-35770 – WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35770
18 Jun 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin. This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. The Vimeography: Vimeo Video Gallery WordPress Plugin plugi... • https://patchstack.com/database/vulnerability/vimeography/wordpress-vimeography-plugin-2-4-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-35771 – WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35771
18 Jun 2024 — The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.21. • https://patchstack.com/database/vulnerability/customizr/wordpress-customizr-theme-4-4-21-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-35772 – WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35772
18 Jun 2024 — The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.24. • https://patchstack.com/database/vulnerability/hueman/wordpress-hueman-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-3229 – Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-3229
18 Jun 2024 — The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. ... • https://plugins.trac.wordpress.org/changeset/3103584/salon-booking-system/trunk/src/SLN/Action/Ajax/ImportAssistants.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4258 – Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-4258
14 Jun 2024 — The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. ... • https://plugins.trac.wordpress.org/browser/yotuwp-easy-youtube-embed/trunk/yotuwp.php#L731 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-5871 – WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-5871
14 Jun 2024 — The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. ... • https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-4936 – Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2024-4936
13 Jun 2024 — The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. ... • https://plugins.trac.wordpress.org/browser/canto/trunk/includes/lib/sizes.php#L15 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-5551 – WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-5551
13 Jun 2024 — The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. ... • https://plugins.trac.wordpress.org/browser/wp-staging/trunk/Backend/views/settings/tabs/remote-storages.php#L14 • CWE-352: Cross-Site Request Forgery (CSRF) •