CVE-2024-34802 – WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34802
20 May 2024 — The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adfoxly_ad_status() function in all versions up to, and including, 1.8.5. • https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-plugin-1-8-5-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVE-2024-2771 – Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-2771
17 May 2024 — The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. ... • https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/RoleManagerPolicy.php • CWE-862: Missing Authorization •
CVE-2024-4620 – ArForms < 6.6 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-4620
17 May 2024 — The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. • https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-3551 – Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-3551
16 May 2024 — The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. ... • https://github.com/efekaanakkar/CVE-2024-35511 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-4223 – Tutor LMS <= 2.7.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-4223
15 May 2024 — The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. ... • https://plugins.trac.wordpress.org/changeset/3086489 • CWE-862: Missing Authorization •
CVE-2024-31351 – WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31351
14 May 2024 — The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. • https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-32700 – WordPress Kognetiks Chatbot for WordPress plugin <= 2.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32700
13 May 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbi... • https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4560 – Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
https://notcve.org/view.php?id=CVE-2024-4560
10 May 2024 — The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. ... • https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4413 – Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-4413
10 May 2024 — The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. ... • https://plugins.trac.wordpress.org/browser/motopress-hotel-booking-lite/trunk/includes/shortcodes/checkout-shortcode/step-checkout.php#L149 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-35672 – WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35672
10 May 2024 — The Netgsm plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.9.32. • https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability-2? • CWE-862: Missing Authorization •