CVSS: 6.1EPSS: %CPEs: 1EXPL: 0CVE-2024-11225 – Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg
https://notcve.org/view.php?id=CVE-2024-11225
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L420 https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L422 https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/tags/5.9.3/includes/libs/functions.php#L584 https://wordpress.org/plugins/wpdm-premium-packages/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e847fd-0932-4d65-a201-b86e39a33588?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10164 – Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode
https://notcve.org/view.php?id=CVE-2024-10164
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1758fc-5b0b-4071-b31b-1d72e34cc924?source=cve https://wordpress.org/plugins/wpdm-premium-packages/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7386 – Premium Packages – Sell Digital Products Securely <= 5.9.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-7386
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the wpdmpp_async_request() function. This makes it possible for unauthenticated attackers to perform actions such as initiating refunds via a forged request granted they can trick a site administrator or shop manager into performing an action such as clicking on a link. The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce validation on the addRefund() function. • https://plugins.trac.wordpress.org/browser/wpdm-premium-packages/trunk/wpdm-premium-packages.php?rev=3102989#L1148 https://www.wordfence.com/threat-intel/vulnerabilities/id/0a714536-c6fd-495b-b774-104657329a74?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3156970%40wpdm-premium-packages&new=3156970%40wpdm-premium-packages&sfp_email=&sfph_mail= • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7486 – MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-7486
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El tema MultiPurpose para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 1.2.0 incluida a través de la deserialización de entradas que no son de confianza a través del meta de publicación 'wpeden_post_meta'. • https://themes.trac.wordpress.org/browser/multipurpose/1.2.0/functions.php#L134 https://www.wordfence.com/threat-intel/vulnerabilities/id/e029bc15-8128-42d1-8874-b0689312cb35?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7560 – News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-7560
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El tema News Flash para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 1.1.0 incluida a través de la deserialización de entradas no confiables del metavalor newsflash_post_meta. • https://themes.trac.wordpress.org/browser/news-flash/1.1.0/page.php#L8 https://www.wordfence.com/threat-intel/vulnerabilities/id/d5631826-6975-41e9-a896-f2aa0581334f?source=cve • CWE-502: Deserialization of Untrusted Data •