CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50529 – WordPress Training – Courses plugin <= 2.0.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50529
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/training/wordpress-training-courses-plugin-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50530 – WordPress Stars SMTP Mailer plugin <= 1.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50530
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/stars-smtp-mailer/wordpress-stars-smtp-mailer-plugin-1-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50531 – WordPress RSVPMaker for Toastmasters plugin <= 6.2.4 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50531
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/rsvpmaker-for-toastmasters/wordpress-rsvpmaker-for-toastmasters-plugin-6-2-4-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-48093
https://notcve.org/view.php?id=CVE-2024-48093
Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. • https://github.com/yamerooo123/CVE/blob/main/CVE-2024-48093/Description.md https://youtu.be/rCYIohrQdxM • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-48112
https://notcve.org/view.php?id=CVE-2024-48112
A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. • https://github.com/nn0nkey/nn0nkey/blob/main/Thinkphp/CVE-2024-48112.md https://github.com/top-think/think • CWE-502: Deserialization of Untrusted Data •