CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35712 – WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2024-35712
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Jordy Meow Database Cleaner permite el Relative Path Traversal. Este problema afecta a Database Cleaner: desde n/a hasta 1.0.5. The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the get_logs() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-clean-optimize-repair-plugin-1-0-5-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0699 – AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
https://notcve.org/view.php?id=CVE-2024-0699
The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función 'add_image_from_url' en todas las versiones hasta la 2.1.4 incluida. • https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51508 – WordPress Database Cleaner Plugin <= 0.9.8 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51508
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Jordy Meow Database Cleaner: Limpiar, optimizar y reparar. Este problema afecta a Database Cleaner: Limpiar, optimizar y reparar: desde n/a hasta 0.9.8. The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.8 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system and plugin configuration. • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-plugin-0-9-8-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44991 – WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44991
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). Este problema afecta a Media File Renamer: Rename Files (Manual, Auto & AI): desde n/a hasta 5.6. 9. The Media File Renamer: Rename Files (Manual, Auto & AI) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.9 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including file upload events and paths. • https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44982 – WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44982
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. Exposición de información confidencial en una vulnerabilidad de actor no autorizado en Jordy Meow Perfect Images (administrar tamaños de imagen, miniaturas, reemplazar, Retina). Este problema afecta a Perfect Images (administrar tamaños de imagen, miniaturas, reemplazar, Retina): desde n/a hasta 6.4. 5. The Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.5 due to guessable log file names. This makes it possible for unauthenticated attackers to extract sensitive data. • https://patchstack.com/database/vulnerability/wp-retina-2x/wordpress-wp-retina-2x-plugin-6-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •