The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulnerability. Attackers can upload PHP files disguised with image extensions and then rename them back to .php using the plugin's built-in rename functionality, bypassing all upload restrictions.
The AIT CSV Import/Export WordPress plugin through version 3.0.3 allows unauthorized arbitrary file uploads without file type validation. The upload handler in upload-handler.php is accessible without authentication, enabling remote attackers to deploy PHP webshells and achieve code execution on the WordPress server.
The WPBookit WordPress plugin (versions ≤1.0.4) contains a critical arbitrary file upload vulnerability in the image_upload_handle() function due to missing file type validation, allowing unauthenticated attackers to upload malicious files and potentially achieve remote code execution. With a CVSS score of 9.8, network-accessible attack vector, and no authentication requirement, this vulnerability poses an immediate and severe threat to any WordPress installation using the affected plugin.
CVE-2023-38036 is a critical unauthenticated buffer overflow vulnerability in Ivanti Avalanche Manager prior to version 6.4.1 that allows remote attackers to cause denial of service or achieve arbitrary code execution without authentication. With a CVSS score of 9.8 and network-based attack vector, this vulnerability has significant real-world exploitability risk and affects all organizations deploying vulnerable Avalanche Manager instances.