CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 2

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. The HTML5 Video Player – Best WordPress Video Player Plugin and Block plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.26 due to insufficient escaping on a user supplied parameter and lack of sufficient preparation on the existing SQL query.
• https://github.com/truonghuuphuc/CVE-2024-5522-Poc
• https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to SQL Injection via the 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id' parameters in all versions up to, and including, 1.93 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. The ARforms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.5.
• https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6.
• https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit
• https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.0.
• https://github.com/nastar-id/CVE-2024-32700
• https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?
• CWE-434: Unrestricted Upload of File with Dangerous Type