CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31370 – WordPress CodeisAwesome AIKit plugin <= 4.14.1 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31370
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CodeIsAwesome AIKit.This issue affects AIKit: from n/a through 4.14.1. The AIKit plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/aikit-wordpress-ai-writing-assistant-using-gpt3/wordpress-codeisawesome-aikit-plugin-4-14-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31350 – WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31350
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1. Vulnerabilidad de autorización faltante en AWP Classifieds Team AWP Classifieds. Este problema afecta a AWP Classifieds: desde n/a hasta 4.3.1. The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/another-wordpress-classifieds-plugin/wordpress-awp-classifieds-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31290 – WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-31290
Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1. Vulnerabilidad de gestión de privilegios incorrecta en CodeRevolution Demo My WordPress permite la escalada de privilegios. Este problema afecta a Demo My WordPress: desde n/a hasta 1.0.9.1. The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insufficient verification on privilege assignment. • https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31285 – WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31285
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tooltip WordPress Tooltips permite almacenar XSS. Este problema afecta a la información sobre herramientas de WordPress: desde n/a hasta 9.5.3. The WordPress Tooltips plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.4.9. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 24EXPL: 1CVE-2024-31210 – PHP file upload bypass via Plugin installer
https://notcve.org/view.php?id=CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. • https://github.com/Abo5/CVE-2024-31210 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r • CWE-434: Unrestricted Upload of File with Dangerous Type •