CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7269 – ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2023-7269
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack El complemento ArtPlacer Widget de WordPress anterior a 2.21.2 no tiene verificación CSRF en algunos lugares y le falta desinfección y escape, lo que podría permitir a los atacantes hacer que el administrador registrado agregue payloads XSS almacenado a través de un ataque CSRF. The ArtPlacer Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.21.1. This is due to missing or incorrect nonce validation on the 'add-art-placer' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/1e8e1186-323b-473b-a0c4-580dc94020d7 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7268 – ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion
https://notcve.org/view.php?id=CVE-2023-7268
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets El complemento ArtPlacer Widget de WordPress anterior a 2.21.2 no cuenta con verificación de autorización al eliminar widgets, lo que permite a cualquier usuario autenticado, como el suscriptor, eliminar widgets arbitrarios. The ArtPlacer Widget plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the artplacer_del AJAX action in all versions up to, and including, 2.21.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary widgets. • https://wpscan.com/vulnerability/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6373 – ArtPlacer Widget < 2.20.7 - Editor+ SQLi
https://notcve.org/view.php?id=CVE-2023-6373
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor (or above) El complemento ArtPlacer Widget de WordPress anterior a 2.20.7 no sanitiza ni escapa del parámetro "id" antes de enviar la consulta, lo que genera un SQLI explotable por los editores y superiores. Nota: Debido a la falta de verificación CSRF, el problema también podría explotarse a través de un CSRF contra un editor registrado (o superior) The ArtPlacer Widget plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in versions up to, and including, 2.20.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wpscan.com/vulnerability/afc11c92-a7c5-4e55-8f34-f2235438bd1b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •