CVE-2024-35716 – WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35716
Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the copymatic_import_article() function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to import articles. • https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-31351 – WordPress Copymatic plugin <= 1.6 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-31351
Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit • https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type