
13 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-35066

Malicious code in bioql PyPI...

7.6 CVSS | 6.5 AI score | 0.00333 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2025/02/24 2:41 p.m., 358 views

Exploit for CVE-2024-9698

CVE-2024-9698 Crafthemes Demo Import " 🔥 Example O...

7.2 CVSS | 9.5 AI score | 0.01725 EPSS
Exploits: 1

RedhatCVE
added 2025/02/05 11:31 a.m., 11 views

CVE-2024-34800

Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through <= 3.3...

7.6 CVSS | 5.9 AI score | 0.00333 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 4:19 a.m., 5 views

CVE-2024-9698

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and...

7.2 CVSS | 7.7 AI score | 0.01725 EPSS
Exploits: 1 | References: 1

NVD
added 2024/12/14 5:15 a.m., 8 views

CVE-2024-9698

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and...

7.2 CVSS | 0.01725 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2024/12/14 4:23 a.m., 8 views

CVE-2024-9698 Crafthemes Demo Import <= 3.3 - Authenticated (Admin+) Arbitrary File Upload in process_uploaded_files

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and...

7.2 CVSS | 7.7 AI score | 0.01725 EPSS
Exploits: 1 | References: 2

CVE
added 2024/12/14 4:23 a.m., 46 views

CVE-2024-9698

CVE-2024-9698 affects Crafthemes Demo Import plugin for WordPress. The vulnerability is an authenticated Arbitrary File Upload in process_uploaded_files (versions ≤ 3.3) caused by missing file-type validation, with potential for remote code execution on the affected site. A public exploit for thi...

7.2 CVSS | 7.3 AI score | 0.01725 EPSS
Exploits: 1 | References: 2

CNNVD
added 2024/12/14 12:0 a.m., 6 views

WordPress plugin Crafthemes Demo Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A code issue vulnerability exists in WordPress plugin...

7.2 CVSS | 8.5 AI score | 0.01725 EPSS
Exploits: 1 | References: 2

NVD
added 2024/06/10 4:15 p.m., 19 views

CVE-2024-34800

Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through <= 3.3...

7.6 CVSS | 0.00333 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/10 3:41 p.m., 15 views

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse. This issue affects Crafthemes Demo Import: from n/a through 3.3...

7.6 CVSS | 7.2 AI score | 0.00333 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/06/10 3:41 p.m., 37 views

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary plugin Installation vulnerability

Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crafthemes Demo Import: from n/a through <= 3.3...

7.6 CVSS | 0.00333 EPSS
Exploits: 0 | References: 1

WPVulnDB
added 2024/05/29 12:0 a.m., 13 views

Crafthemes Demo Import <= 3.3 - Missing Authorization to Arbitrary Plugin Installation

Description: The Crafthemes Demo Import plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the ctctdiinstallplugin function in versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

7.6 CVSS | 6.7 AI score | 0.00333 EPSS
Exploits: 0 | References: 1

Patchstack
added 2024/05/20 9:31 a.m., 3 views

WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Crafthemes Demo Import versions <= 3.3...

7.6 CVSS | 7 AI score | 0.00333 EPSS
Exploits: 0 | Affected Software: 1