CVSS: 5.7EPSS: 0%CPEs: -EXPL: 1CVE-2024-27766
https://notcve.org/view.php?id=CVE-2024-27766
An issue in MYSQL MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. • https://github.com/Ant1sec-ops/CVE-2024-27766 https://seclists.org/fulldisclosure/2012/Dec/39 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10079 – WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-10079
If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://plugins.trac.wordpress.org/browser/easy-post-types/tags/1.4.4/custom-type.php#L1318 https://www.wordfence.com/threat-intel/vulnerabilities/id/d038f1a2-4755-417f-965d-508b57c05738?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49324 – WordPress Sovratec Case Management plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49324
The Plugin Name: Sovratec Case Management plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/sovratec-case-management/wordpress-sovratec-case-management-plugin-1-0-0-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49326 – WordPress Affiliator plugin <= 2.1.3 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49326
The Affiliator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/affiliator-lite/wordpress-affiliator-plugin-2-1-3-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49327 – WordPress Woostagram Connect plugin <= 1.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49327
The Woostagram Connect plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/woostagram-connect/wordpress-woostagram-connect-plugin-1-0-2-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type •