10 matches found
EUVD-2024-35502
Malicious code in bioql PyPI...
Upunzipper <= 1.0.0 - Authenticated (Admin+) Arbitrary File Deletion
Description: The Upunzipper plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote cod...
CVE-2024-35744
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0...
CVE-2024-35744
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0...
CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0...
CVE-2024-35744
CVE-2024-35744 describes an improper limitation of a pathname to a restricted directory (path traversal) in Upunzipper for WordPress, affecting Upunzipper versions from n/a through 1.0.0. The NVD Base Score is 6.5 (Medium) with I/H and A/H; Patchstack CNA lists a separate base score of 8.6 (High)...
CVE-2024-35744 WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation. This issue affects Upunzipper: from n/a through 1.0.0...
WordPress plugin Upunzipper path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by YCInfosec Patchstack Alliance in WordPress Plugin Upunzipper versions = 1.0.0...
WordPress Upunzipper Plugin <= 1.0.0 is vulnerable to Arbitrary File Deletion
Software: Upunzipper; Type: Plugin; Vulnerable versions: = 1.0.0; Fixed in: N/A; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Deletion; CVE: CVE-2024-35744; Patch priority: Low; CVSS severity: Low 8.6; PSID: 20a11d86aa33; Credits: YCInfosec; Required privilege...