3575 matches found
CVE-2024-6313
The Gutenberg Forms plugin for WordPress is vulnerable to arbitrary file uploads because users can specify the allowed file types in the 'upload' function in versions up to, and including, 2.2.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-6313
The CVE-2024-6313 entry concerns Gutenberg Forms – WordPress Form Builder Plugin. The Red Hat advisory and Wordfence vulnerability data indicate an unauthenticated arbitrary file upload in the plugin’s upload handling (versions up to and including 2.2.9), arising from insufficient validation of a...
CVE-2024-6123
CVE-2024-6123 (Bit Form, WordPress): The Bit Form plugin (WordPress) versions up to and including 2.13.3 are vulnerable to arbitrary file uploads due to missing file type validation in the iconUpload function. This allows an attacker with administrator-level or higher privileges to upload arbitra...
EUVD-2024-47302
The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'get_cache_image' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above...
CVE-2024-6161
CVE-2024-6161 affects the Default Thumbnail Plus WordPress plugin. The vulnerability stems from missing file type validation in the get_cache_image function, affecting all versions up to 1.0.2.3. This allows authenticated attackers with contributor-level (or higher) permissions to upload arbitrar...
CVE-2024-5441
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to uploa...
CVE-2024-5441
CVE-2024-5441 affects Modern Events Calendar (WordPress) up to 7.11.0. The vulnerability arises from missing file type validation in set_featured_image, enabling authenticated users with Subscriber+ to upload arbitrary files, potentially leading to remote code execution. Red Hat confirms the cond...
EUVD-2024-46662
The Modern Events Calendar plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image function in all versions up to, and including, 7.11.0. This makes it possible for authenticated attackers, with subscriber access and above, to uploa...
WordPress plugin Bit Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin IQ Testimonials security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
WordPress plugin Default Thumbnail Plus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress plugin Gutenberg Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-10055 · Lenovo · Lenovo Xclarity Controller
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC (affected versions not specified). Description: A privilege escalation issue was discovered in the SSH captive command shell interface. This could allow an authenticated XCC user with elevated privileges to perform...
PT-2024-37537 · WordPress · Generate Pdf Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: Generate PDF using Contact Form 7 plugin for WordPress versions up to, and including, 4.0.6. Description: The issue is due to missing nonce validation and missing file type validation in the wp cf7 pdf dashboard html page function, making it...
PT-2024-10056 · Lenovo · Lenovo Xclarity Controller
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Controller XCC for Lenovo ThinkSystem servers (affected versions not specified). Description: The issue is related to a lack of neutralization of special elements, which could allow a remote attacker to execute arbitrary commands...
PT-2024-27535
Name of the Vulnerable Software and Affected Versions: Andy Moyle Church Admin versions n/a through 4.4.6. Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of a file with dangerous type vulnerability. This enables potential remote code...
The vulnerability of SAP Document Builder in creating and managing documents allows for unlimited uploading of sensitive files, enabling an attacker to gain access to read, modify, or delete data.
The vulnerability of SAP Document Builder for document creation and management lies in its ability to allow unlimited uploading of sensitive files. Exploiting this vulnerability could enable a malicious actor to gain read, modify, or delete access to data...
CVE-2024-6319
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitra...
CVE-2024-6318
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadimgfile' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload...