CVE-2024-49254 – WordPress ajax-extend plugin <= 1.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49254
Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. • https://patchstack.com/database/vulnerability/ajax-extend/wordpress-ajax-extend-plugin-1-0-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-41997
https://notcve.org/view.php?id=CVE-2024-41997
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine. • https://docs.warp.dev/features/integrations-and-plugins#docker https://docs.warp.dev/getting-started/changelog#id-2024.07.18-v0.2024.07.16.08.02 https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a7832 https://github.com/warpdotdev/warp • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en el complemento Limb WordPress Gallery: Limb Image Gallery permite la inyección de código. Este problema afecta al complemento Limb WordPress Gallery: desde n/a hasta 1.5.7. The Limb Gallery | Create Beautiful Image & Video Galleries plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the GRSUploadHandler class in all versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-49271 – WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.121 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-49271
: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. : Vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un motor de plantillas en Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) permite: Inyección de comandos. Este problema afecta a Unlimited Elements For Elementor (Free Widgets, Addons, Templates): desde n/a hasta 1.5.121. The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.121 via the template engine. This is due to the plugin not properly restricting functions that can be called and passed to code execution functions. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-free-widgets-addons-templates-plugin-1-5-121-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVE-2024-48042 – WordPress Contact Form by Supsystic plugin <= 1.7.28 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-48042
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Supsystic Contact Form de Supsystic permite la inyección de comandos. Este problema afecta a Contact Form de Supsystic: desde n/a hasta 1.7.28. The Contact Form by Supsystic plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.28. This is due to the functionality being vulnerable to server-side template injection (SSTI). • https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-28-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •