Lucene search
K

65 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 4:58 a.m.6 views

CVE-2024-10801

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...

9.8CVSS7.9AI score0.00829EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/11/13 7:50 a.m.4 views

WordPress User Extra Fields plugin <= 16.6 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Chloe Chamberland in WordPress Plugin User Extra Fields versions = 16.6...

9.8CVSS7AI score0.01339EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/13 7:49 a.m.6 views

WordPress User Extra Fields plugin <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions = 16.6...

8.8CVSS7AI score0.00789EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/13 5:15 a.m.3 views

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

9.8CVSS6.4AI score0.01339EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 5:15 a.m.29 views

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

9.8CVSS0.01339EPSS
Exploits0References2
NVD
NVD
added 2024/11/13 5:15 a.m.13 views

CVE-2024-10800

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...

8.8CVSS0.00789EPSS
Exploits0References2
OSV
OSV
added 2024/11/13 5:15 a.m.5 views

CVE-2024-10800

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...

8.8CVSS7.3AI score0.00789EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 4:29 a.m.89 views

CVE-2024-11150

CVE-2024-11150 affects WordPress User Extra Fields (WordPress plugin). The issue is an unauthenticated arbitrary file deletion vulnerability caused by insufficient file path validation in delete_tmp_uploaded_file() across all versions up to and including 16.6. This could allow an unauthenticated ...

9.8CVSS9.8AI score0.01339EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/13 4:29 a.m.19 views

CVE-2024-11150 WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

9.8CVSS8.2AI score0.01339EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 4:29 a.m.40 views

CVE-2024-11150 WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

9.8CVSS0.01339EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 4:29 a.m.22 views

CVE-2024-10800 WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...

8.8CVSS0.00789EPSS
Exploits0References2
CVE
CVE
added 2024/11/13 4:29 a.m.89 views

CVE-2024-10800

CVE-2024-10800 : WordPress User Extra Fields plugin (

8.8CVSS8.7AI score0.00789EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.22 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...

9.8CVSS6.6AI score0.01339EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.4 views

WordPress plugin User Extra Fields 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

9.8CVSS8.2AI score0.01339EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/11/13 12:0 a.m.7 views

PT-2024-16790 · WordPress · Wordpress User Extra Fields

Name of the Vulnerable Software and Affected Versions: WordPress User Extra Fields plugin versions up to, and including, 16.6 Description: The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete tmp...

9.8CVSS9.9AI score0.01339EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/11/13 12:0 a.m.7 views

WordPress plugin User Extra Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

8.8CVSS8AI score0.00789EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/13 12:0 a.m.20 views

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...

8.8CVSS6.5AI score0.00789EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/11/09 8:15 a.m.9 views

CVE-2024-10801

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...

9.8CVSS0.00829EPSS
Exploits0References2
CVE
CVE
added 2024/11/09 7:35 a.m.48 views

CVE-2024-10801

CVE-2024-10801 affects the WordPress plugin User Extra Fields . The vulnerability stems from missing file type validation in the ajax_manage_file_chunk_upload() function across all versions up to 16.5. This allows unauthenticated attackers to upload arbitrary files to the affected site, with the ...

9.8CVSS9.9AI score0.00829EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/09 2:56 a.m.5 views

WordPress User Extra Fields plugin <= 16.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions = 16.5...

9.8CVSS7AI score0.00829EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder