CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51836 – WordPress Wezido plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-51836
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS.This issue affects Wezido: from n/a through 1.2. The Wezido plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wezido-elementor-addon-based-on-easy-digital-downloads/wordpress-wezido-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49242 – WordPress Digital Lottery plugin <= 3.0.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49242
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Shafiq Digital Lottery permite cargar un shell web a un servidor web. Este problema afecta a Digital Lottery: desde n/a hasta 3.0.5. The Digital Lottery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/digital-lottery/wordpress-digital-lottery-plugin-3-0-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22170 – Unchecked buffer in Dynamic DNS client
https://notcve.org/view.php?id=CVE-2024-22170
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP responses provided to the ddns-start program. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8585 – LEARNING DIGITAL Orca HCM - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2024-8585
Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html https://www.twcert.org.tw/tw/cp-132-8041-dfbf9-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43162 – WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43162
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12. The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-12-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •