CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10470 – WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion
https://notcve.org/view.php?id=CVE-2024-10470
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://github.com/RandomRobbieBF/CVE-2024-10470 https://themeforest.net/item/wplms-learning-management-system/6780226 https://www.wordfence.com/threat-intel/vulnerabilities/id/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10586 – Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-10586
This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. ... This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. • https://github.com/RandomRobbieBF/CVE-2024-10586 https://plugins.trac.wordpress.org/browser/debug-tool/trunk/tools/image-puller.php#L120 https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9d5c93-dcd7-450e-8c52-5c95fc5473d2?source=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51793 – WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51793
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/computer-repair-shop/wordpress-repairbuddy-plugin-3-8115-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10625 – WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-10625
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf1cecd-c630-498d-9aa0-3d0adeb73033?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10627 – WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-10627
This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/woocommerce-support-ticket-system/17930050 https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac218f6-0bfa-480c-9159-d75a027022ba?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •