
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server. • https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765 https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948 https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6 https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-8 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3076275/wp-staging/trunk/Framework/Network/AjaxBackupDownloader.php https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebb1072-ea05-4914-961d-0d8f20248078?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. ... • https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319 https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664 https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0 https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. ... (Chrome security severity: High) Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. • https://github.com/mistymntncop/CVE-2024-5274 https://github.com/Alchemist3dot14/CVE-2024-5274-Detection https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html https://issues.chromium.org/issues/341663589 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVC3FNI7HZLVSRIFBVUSBHI233DZYBKP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T6IBUYVPD4MIFQNNYBGAPI5MOECWXXOB • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/vulnerability/woo-recent-purchases/woocommerce-recent-purchases-plugin-1-0-1-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •