CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52393 – WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-52393
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15. The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-1-15-admin-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8614 – WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8614
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento JobSearch WP Job Board para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función jobsearch_wp_handle_upload() en todas las versiones hasta la 2.6.7 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8615 – WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-8615
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. El complemento JobSearch WP Job Board para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función jobsearch_location_load_excel_file_callback() en todas las versiones hasta la 2.6.7 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50520 – WordPress Ancient World Linked Data plugin <= 0.2.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50520
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter J. Herrel Ancient World Linked Data allows DOM-Based XSS.This issue affects Ancient World Linked Data: from n/a through 0.2.1. The Ancient World Linked Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/ancient-world-linked-data-for-wordpress/wordpress-ancient-world-linked-data-plugin-0-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50496 – WordPress AR For WordPress plugin <= 6.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50496
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2. The AR For WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/ar-for-wordpress/wordpress-ar-for-wordpress-plugin-6-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •