7212 matches found

GithubExploit
added 2024/09/01 10:59 a.m. | 122 views

Exploit for CVE-2024-7954

Description The porteplume plugin used by SPIP before 4.30-...

CVSS 9.8 | AI score 8.4 | EPSS 0.89783
Exploits: 10

OSV
added 2024/08/23 6:15 p.m. | 0 views

UBUNTU-CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CVSS 9.8 | AI score 6.5 | EPSS 0.89783
Exploits: 10 | References: 5

Packet Storm
added 2024/08/23 12:0 a.m. | 342 views

CMSsite 1.0 Shell Upload

Title: CMSsite 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 129.0.1 64 bits ...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/08/21 12:0 a.m. | 330 views

Alphaware E-Commerce System 1.0 Code Injection

Title: Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firef...

AI score 7.4
Exploits: 0

NVD
added 2024/08/17 6:15 a.m. | 12 views

CVE-2024-6459

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 | EPSS 0.01022
Exploits: 1 | References: 1

CVE
added 2024/08/17 6:0 a.m. | 51 views

CVE-2024-6459

CVE-2024-6459 affects the News Element Elementor Blog Magazine WordPress plugin (versions prior to 1.0.6). It exposes a Local File Inclusion flaw via the template parameter, allowing an unauthenticated attacker to include and execute PHP files on the server, effectively enabling arbitrary PHP cod...

CVSS 9.8 | AI score 7 | EPSS 0.01022
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/08/16 1:48 p.m. | 17 views

CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion

The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progress_type' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

CVSS 8.8 | AI score 7.7 | EPSS 0.00901
Exploits: 0 | References: 2

CVE
added 2024/08/16 1:48 p.m. | 56 views

CVE-2024-7145

CVE-2024-7145: JetElements (WordPress) is vulnerable to authenticated Local File Inclusion via the progress_type parameter in versions up to 2.6.20. Exploitation allows an authenticated attacker (Contributor+ level) to include and execute arbitrary PHP files on the server, bypassing some access ...

CVSS 8.8 | AI score 8.9 | EPSS 0.00901
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/08/16 10:59 a.m. | 59 views

CVE-2024-7146

CVE-2024-7146 affects JetTabs for Elementor (WordPress plugin) up to v2.2.3. It allows authenticated users with Contributor-level access and above to perform Local File Inclusion via the switcher_preset parameter, enabling inclusion/execution of arbitrary PHP code on the server and potentially b...

CVSS 8.8 | AI score 7.7 | EPSS 0.00956
Exploits: 0 | References: 2

OSV
added 2024/08/16 6:15 a.m. | 2 views

CVE-2024-6460

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 | AI score 6 | EPSS 0.04826
Exploits: 1 | References: 1

NVD
added 2024/08/15 8:15 a.m. | 15 views

CVE-2024-43275

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE...

EPSS 0.00222
Exploits: 0

Cvelist
added 2024/08/15 8:3 a.m. | 16 views

CVE-2024-43275

...

EPSS 0.00222
Exploits: 0

CVE
added 2024/08/15 8:3 a.m. | 59 views

CVE-2024-43275

The CVE-2024-43275 entry maps to a CSRF vulnerability in the WordPress plugin “Insert PHP Code Snippet” (versions

AI score 5.6 | EPSS 0.00222
Exploits: 0

Vulnrichment
added 2024/08/15 8:3 a.m. | 13 views

CVE-2024-43275

...

AI score 5.2 | EPSS 0.00222
Exploits: 0

Patchstack
added 2024/08/15 8:0 a.m. | 3 views

WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery (CSRF) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Insert PHP Code Snippet versions <= 1.3.6...

AI score 7.1 | EPSS 0.00222
Exploits: 0 | Affected Software: 1

OSV
added 2024/08/15 3:15 a.m. | 1 views

CVE-2024-7420

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactiva...

CVSS 6.5 | AI score 5.7 | EPSS 0.00235
Exploits: 0 | References: 3

NVD
added 2024/08/13 3:15 a.m. | 31 views

CVE-2024-7094

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

CVSS 9.8 | EPSS 0.3751
Exploits: 0 | References: 6

Vulnrichment
added 2024/08/13 2:31 a.m. | 25 views

CVE-2024-7094 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

CVSS 9.8 | AI score 6.3 | EPSS 0.3751
Exploits: 0 | References: 6

CVE
added 2024/08/13 2:31 a.m. | 69 views

CVE-2024-7094

The CVE-2024-7094 issue affects the WordPress plugin JS Help Desk (JS Help Desk – The Ultimate Help Desk & Support Plugin). It enables PHP code injection leading to remote code execution due to unsanitized user input in storeTheme and missing capability checks, allowing unauthenticated code execu...

CVSS 9.8 | AI score 6.3 | EPSS 0.3751
Exploits: 0 | References: 6

Cvelist
added 2024/08/13 2:31 a.m. | 328 views

CVE-2024-7094 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution

The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...

CVSS 9.8 | EPSS 0.3751
Exploits: 0 | References: 6