10
CVE-2024-50473 - WordPress Ajar in5 Embed plugin <= 3.1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed ajar-productions-in5-embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through <= 3.1.3.
4.6
CVE-2024-46872 - Client-Side Path Traversal Leading to CSRF in Playbooks
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in Playbooks
4.3
CVE-2024-47401 - DoS via Amplified GraphQL Response in Playbooks
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by sen…
4.3
CVE-2024-50052 - Arbitrary post deletion via Playbooks /ignore-thread endpoint
Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 fail to check that the origin of the message in an integration action matches with the original post metadata which allows an authenticated user to delete an arbitrary post.
4.3
CVE-2024-10241 - Private channel names leaked with Ctrl+K when ElasticSearch is enabled
Mattermost versions 9.5.x <= 9.5.9 fail to properly filter the channel data when ElasticSearch is enabled which allows a user to get private channel names by using cmd+K/ctrl+K.
9.9
CVE-2024-50480 - WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
10
CVE-2024-50482 - WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
10
CVE-2024-50484 - WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through <= 1.0.2.
10
CVE-2024-50493 - WordPress Automatic Translation plugin <= 1.0.4 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation automatic-translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through <= 1.0.4.
10
CVE-2024-50494 - WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerabili…
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce wc-sudan-payment-gateway allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through <= 1.2.2.