CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5222 – Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. <= 3.0.5 - Authenticated (Author+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5222
The Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Los complementos Responsive Addons – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del cargador de archivos del complemento en todas las versiones hasta la 3.0.5 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://plugins.trac.wordpress.org/browser/responsive-add-ons/tags/3.0.4/includes/class-responsive-add-ons.php#L131 https://plugins.trac.wordpress.org/browser/responsive-add-ons/tags/3.0.4/includes/importers/wxr-importer/class-responsive-ready-sites-wxr-importer.php#L57 https://plugins.trac.wordpress.org/changeset/3094256/responsive-add-ons/trunk/includes/importers/wxr-importer/class-responsive-ready-sites-wxr-importer.php https://www.wordfence.com/threat-intel/vulnerabilities/id/e1af37ed-fcc6-479c-8c53-25ccb9a86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35654 – WordPress Responsive theme <= 5.0.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35654
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS.This issue affects Responsive: from n/a through 5.0.3. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en CyberChimps Responsive permite XSS Almacenado. Este problema afecta a Responsive: desde n/a hasta 5.0.3. The Responsive theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 5.0.3.1 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/responsive/wordpress-responsive-theme-5-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2848 – Responsive <= 5.0.2 - Missing Authorization to HTML Injection
https://notcve.org/view.php?id=CVE-2024-2848
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer. El tema Responsive para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función save_footer_text_callback en todas las versiones hasta la 5.0.2 incluida. Esto hace posible que atacantes no autenticados inyecten contenido HTML arbitrario en el pie de página del sitio. • http://www.openwall.com/lists/oss-security/2024/04/22/1 https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=222494%40responsive&new=222494%40responsive&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe0cc57-a17d-4f91-887f-fe819b32f6b3?source=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45375 – WordPress iFeature Slider plugin <= 1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-45375
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenado en el complemento iFeature Slider de WordPress en versiones <= 1.2. The iFeature Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/ifeature-slider/wordpress-ifeature-slider-plugin-1-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12073 – Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions
https://notcve.org/view.php?id=CVE-2020-12073
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. El plugin responsive-add-ons en versiones anteriores a la 2.2.7 para Wordpress tiene control de acceso incorrecto para las peticiones wp-admin/admin-ajax.php? acción=. The Responsive Ready Sites Importer for WordPress is vulnerable to authorization bypass due missing capability checks on several AJAX actions in versions up to, and including, 2.2.6. • https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin • CWE-863: Incorrect Authorization •