2172 matches found
PT-2024-34302 · Unknown · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: Plug your WooCommerce into the largest catalog of customized print products from Helloprint versions n/a through 2.0.2 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with...
CVE-2024-49674
CVE-2024-49674 : WordPress EKC Tournament Manager plugin (versions ≤ 2.2.1) has a Cross-Site Request Forgery (CSRF) vulnerability that allows uploading a web shell to the web server. Exploitation would enable an attacker to place arbitrary files on the server via CSRF, potentially leading to unau...
CVE-2024-49674 WordPress EKC Tournament Manager plugin <= 2.2.1 - CSRF to Arbitrary File Upload vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server. This issue affects EKC Tournament Manager: from n/a through <= 2.2.1...
WordPress plugin EKC Tournament Manager cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2024-33626 · Unknown · Ekc Tournament Manager
Name of the Vulnerable Software and Affected Versions: EKC Tournament Manager versions n/a through 2.2.1 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized access to the server...
CVE-2024-50510
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects AR For Woocommerce: from n/a through <= 6.3...
CVE-2024-50511
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server. This issue affects WP donimedia carousel: from n/a through <= 1.0.1...
CVE-2024-50510
CVE-2024-50510 affects the WordPress AR For Woocommerce plugin with affected versions n/a through 6.2. The issue is an unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the web server. The CVSS vector indicates a critical, unauthenticated, network-ex...
CVE-2024-50510 WordPress AR For Woocommerce plugin <= 6.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in webandprint AR For Woocommerce ar-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects AR For Woocommerce: from n/a through <= 6.3...
CVE-2024-50511 WordPress WP donimedia carousel plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in donimedia WP donimedia carousel wp-donimedia-carousel allows Upload a Web Shell to a Web Server. This issue affects WP donimedia carousel: from n/a through <= 1.0.1...
CVE-2024-50511
CVE-2024-50511 affects WordPress WP donimedia carousel plugin versions 1.0.1 and earlier. The vulnerability is an unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the target server. This corresponds to an Arbitrary File Upload flaw in the plugin, wi...
PT-2024-34287 · WordPress · Wp Donimedia Carousel
Name of the Vulnerable Software and Affected Versions: WP donimedia carousel versions 1.0.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. Recommendations: For WP donimedi...
PT-2024-34286 · WordPress · Ean For Woocommerce
Name of the Vulnerable Software and Affected Versions: AR For Woocommerce versions n/a through 6.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 6.2,...
CVE-2024-50420
Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through <= 1.3...
CVE-2024-50420
CVE-2024-50420 (WordPress aDirectory plugin
CVE-2024-50473 WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through <= 3.1.3...
CVE-2024-50473
CVE-2024-50473 : Ajar in5 Embed for WordPress is vulnerable to unauthenticated arbitrary file upload up to version 3.1.3 due to missing file-type validation. This unrestricted upload allows placing files (e.g., web shells) on the server (upload path shown in PoC: /wp-content/uploads/2024/php5/). ...
CVE-2024-50493
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server. This issue affects Automatic Translation: from n/a through <= 1.0.4...
CVE-2024-50494
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server. This issue affects Sudan Payment Gateway for WooCommerce: from n/a through <= 1.2.2...