CVE-2024-34416 – WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-34416
This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/phpsword-favicon-manager/wordpress-pk-favicon-manager-plugin-2-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-33294
https://notcve.org/view.php?id=CVE-2024-33294
An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. Un problema en el sistema de librería que usa PHP/MySQli con Source Code V1.0 permite a un atacante remoto ejecutar código arbitrario a través de la variable _FAILE en el componente Student_edit_photo.php. • https://github.com/CveSecLook/cve/issues/16 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-34411 – WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-34411
This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-5-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-4346 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4346
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7 https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-4345 – Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-4345
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/startklar-elmentor-forms-extwidgets/trunk/startklarDropZoneUploadProcess.php?rev=3061298#L7 https://plugins.trac.wordpress.org/changeset/3081987/startklar-elmentor-forms-extwidgets https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •