10
CVE-2024-52373 - WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server. This issue affects Devexhub Gallery: from n/a through <= 2.0.1.
10
CVE-2024-52374 - WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through <= 1.5.5.
10
CVE-2024-52375 - WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative. This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.
10
CVE-2024-52376 - WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through <= 1.0.1.
10
CVE-2024-52377 - WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin …
Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through <= 1.5.2.
7.5
CVE-2024-52378 - WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal. This issue affects DigiPass: from n/a through <= 0.3.0.
10
CVE-2024-52379 - WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects kineticPay for WooCommerce: from n/a through <= 2.0.8.
10
CVE-2024-52380 - WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through <= 1.0.0.
9.8
CVE-2024-52382 - WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vul…
Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through <= 1.0.0.
7.7
CVE-2024-49362 - Remote Code Execution on click of <a> Link in markdown preview
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. …