
2190 matches found

VulnCheck KEV
added 2024/12/05 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2023-4220

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

8.1 CVSS · 6.3 AI score · 0.76084 EPSS
Exploits 27 · References 1

NVD
added 2024/12/02 2:15 p.m. · 6 views

CVE-2024-52476

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through <= 1.5.3...

10 CVSS · 0.00517 EPSS
Exploits 0 · References 1

CVE
added 2024/12/02 1:48 p.m. · 47 views

CVE-2024-52476

CVE-2024-52476 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Fediverse Embeds (versions

10 CVSS · 7.2 AI score · 0.00517 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/02 1:48 p.m. · 20 views

CVE-2024-52476 WordPress Fediverse Embeds plugin <= 1.5.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server. This issue affects Fediverse Embeds: from n/a through <= 1.5.3...

10 CVSS · 0.00517 EPSS
Exploits 0 · References 1

CVE
added 2024/11/28 10:42 a.m. · 56 views

CVE-2024-52490

CVE-2024-52490 affects the WordPress Pathomation plugin (versions

10 CVSS · 7.4 AI score · 0.00547 EPSS
In wild · Exploits 0 · References 1

Vulnrichment
added 2024/11/28 10:42 a.m. · 10 views

CVE-2024-52490 WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server. This issue affects Pathomation: from n/a through <= 2.5.1...

10 CVSS · 7.4 AI score · 0.00547 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/11/28 12:0 a.m. · 4 views

PT-2024-35331 · Unknown · Pathomation

Name of the Vulnerable Software and Affected Versions: Pathomation versions n/a through 2.5.1 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading harmful files...

10 CVSS · 9.6 AI score · 0.00547 EPSS
Exploits 0 · References 6

NVD
added 2024/11/19 5:15 p.m. · 14 views

CVE-2024-52402

Cross-Site Request Forgery (CSRF) vulnerability in gunghoinc Exclusive Content Password Protect exclusive-content-password-protect allows Upload a Web Shell to a Web Server. This issue affects Exclusive Content Password Protect: from n/a through <= 1.1.0...

9.6 CVSS · 0.00781 EPSS
Exploits 1 · References 1

NVD
added 2024/11/19 5:15 p.m. · 11 views

CVE-2024-52401

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4...

9.6 CVSS · 0.00255 EPSS
Exploits 0 · References 1

CVE
added 2024/11/19 4:32 p.m. · 63 views

CVE-2024-52402

CVE-2024-52402 concerns a CSRF to Arbitrary File Upload vulnerability in WordPress plugin Exclusive Content Password Protect (versions

9.6 CVSS · 7.2 AI score · 0.00781 EPSS
Exploits 1 · References 1

CVE
added 2024/11/19 4:32 p.m. · 43 views

CVE-2024-52401

CVE-2024-52401 affects Hacklog DownloadManager plugin (WordPress). A CSRF to Arbitrary File Upload vulnerability exists in versions 2.1.4 and earlier. The CVE entry notes a high-impact flaw (CVSS v3.1: 9.6, network vector, no privileges, user interaction required, changed scope, complete confiden...

9.6 CVSS · 7.2 AI score · 0.00255 EPSS
Exploits 0 · References 1

Cvelist
added 2024/11/19 4:32 p.m. · 22 views

CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog DownloadManager hacklog-downloadmanager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through <= 2.1.4...

9.6 CVSS · 0.00255 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/19 4:32 p.m. · 12 views

CVE-2024-52401 WordPress Hacklog DownloadManager plugin <=2.1.4 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in 荒野无灯 Hacklog DownloadManager allows Upload a Web Shell to a Web Server. This issue affects Hacklog DownloadManager: from n/a through 2.1.4...

9.6 CVSS · 9.2 AI score · 0.00255 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/19 4:32 p.m. · 17 views

CVE-2024-52402 WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server. This issue affects Exclusive Content Password Protect: from n/a through 1.1.0...

9.6 CVSS · 9.2 AI score · 0.00781 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/11/19 12:0 a.m. · 3 views

PT-2024-35240 · Hacklog · Hacklog Downloadmanager

Name of the Vulnerable Software and Affected Versions: Hacklog DownloadManager versions 2.1.4 and earlier Description: A Cross-Site Request Forgery (CSRF) issue in Hacklog DownloadManager allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized...

9.6 CVSS · 9.8 AI score · 0.00255 EPSS
Exploits 0 · References 5

OSV
added 2024/11/18 3:15 p.m. · 3 views

CVE-2024-52429

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through 2.0...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 1

Cvelist
added 2024/11/18 2:19 p.m. · 315 views

CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through <= 2.0...

9.9 CVSS · 0.00901 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/18 2:19 p.m. · 16 views

CVE-2024-52429 WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in AntonHoelstad WP Quick Setup wp-quick-setup allows Upload a Web Shell to a Web Server. This issue affects WP Quick Setup: from n/a through <= 2.0...

9.9 CVSS · 7.2 AI score · 0.00901 EPSS
Exploits 0 · References 1

CVE
added 2024/11/18 2:19 p.m. · 52 views

CVE-2024-52429

CVE-2024-52429 affects WordPress WP Quick Setup plugin (

9.9 CVSS · 7.2 AI score · 0.00901 EPSS
Exploits 0 · References 1 · Affected Software 1

The Hacker News
added 2024/11/18 11:36 a.m. · 35 views

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are...

9.9 CVSS · 9.4 AI score · 0.99999 EPSS
Exploits 660