CVE-2024-56050

CVE-2024-56050: Unrestricted Upload of File with Dangerous Type in WPLMS (WordPress LMS by VibeThemes) permits uploading a web shell to the web server. Affected: WPLMS

CVE-2024-56052 WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.5.2...

CVE-2024-56052 WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.5.2...

CVE-2024-56057 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.5.2...

CVE-2024-54262 WordPress Import Export For WooCommerce plugin <= 1.6.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in sidngr Import Export For WooCommerce import-export-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through = 1.6.2...

CVE-2024-54214 WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Roninwp Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18...

PT-2024-36092 · Revy · Revy

Name of the Vulnerable Software and Affected Versions: Revy versions 1.1 through 1.18 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential takeover o...

VulnCheck KEV: CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

CVE-2024-52429

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0...

PT-2024-35256 · Unknown · Eugen Bobrowski Debug Tool

Name of the Vulnerable Software and Affected Versions: Eugen Bobrowski Debug Tool versions n/a through 2.2 Description: The issue is related to a Missing Authorization vulnerability in the Eugen Bobrowski Debug Tool, which allows an attacker to upload a web shell to a web server. Recommendations:...

PT-2024-35211 · Unknown · Do That Task

Name of the Vulnerable Software and Affected Versions: Do That Task versions 1.5.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...

PT-2024-34919 · Unknown · Dang Ngoc Binh Audio Record

Name of the Vulnerable Software and Affected Versions: Dang Ngoc Binh Audio Record versions n/a through 1.0 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables remote hackers to uploa...

PT-2024-34306 · Unknown · Rudra Innovative Software Training – Courses

Name of the Vulnerable Software and Affected Versions: Rudra Innovative Software Training – Courses versions prior to 2.0.1 Description: The issue allows unauthorized upload of malicious files, specifically a web shell, to a web server. This poses a significant risk to the security of the web...

WordPress plugin EKC Tournament Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PT-2024-33626 · Unknown · Ekc Tournament Manager

Name of the Vulnerable Software and Affected Versions: EKC Tournament Manager versions n/a through 2.2.1 Description: A Cross-Site Request Forgery CSRF issue allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized access to the server...

PT-2024-34286 · WordPress · Ean For Woocommerce

Name of the Vulnerable Software and Affected Versions: AR For Woocommerce versions n/a through 6.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 6.2,...

CVE-2024-50496

Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through 6.2...

CVE-2024-49668 WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through = 1.0...

WordPress plugin Woocommerce Custom Profile Picture 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVE-2024-49607

Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0...