CVE-2024-35712 – WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2024-35712
06 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal. This issue affects Database Cleaner: from n/a through 1.0.5. The Database Cleaner: Clean, Optimize & Repair plugin... • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-clean-optimize-repair-plugin-1-0-5-arbitrary-file-read-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-0699 – AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url
https://notcve.org/view.php?id=CVE-2024-0699
18 Jan 2024 — The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-51508 – WordPress Database Cleaner Plugin <= 0.9.8 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51508
27 Dec 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. The Database Cleaner: Clean, Optimize & Repair plugin fo... • https://patchstack.com/database/vulnerability/database-cleaner/wordpress-database-cleaner-plugin-0-9-8-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-44982 – WordPress WP Retina 2x Plugin <= 6.4.5 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44982
28 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina). This issue affects Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina): from n/a through 6.4.5. • https://patchstack.com/database/vulnerability/wp-retina-2x/wordpress-wp-retina-2x-plugin-6-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-44991 – WordPress Media File Renamer Plugin <= 5.6.9 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-44991
28 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI). This issue affects Media File Renamer: Rename Files (Manual, Auto & AI): from n/a through 5.6.9. The Media File ... • https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-6-9-sensitive-data-exposure-via-debug-log-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-38513 – WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-38513
20 Jul 2023 — Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom). This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. The Photo Engine plugin for WordPress is vulnerable to Insecure... • https://patchstack.com/database/vulnerability/wplr-sync/wordpress-photo-engine-plugin-6-2-5-insecure-direct-object-references-idor?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2023-2580 – AI-Engine < 1.6.83 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-2580
19 May 2023 — The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). The AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in versions up to, and including, 1.6.82 due to insuf... • https://wpscan.com/vulnerability/7ee1efb1-9969-40b2-8ab2-ea427091bbd8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24465 – Meow Gallery < 4.1.9 - Contributor+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24465
02 Sep 2021 — The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL statement, leading to an authenticated SQL Injection issue. The injection also allows the returned values to be manipulated in a way that could lead to data disclosure and arbitrary objects to be deserialized. • https://wpscan.com/vulnerability/08dbe202-0136-4502-87e7-5e984dc27b16 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-34652 – Media Usage <= 0.0.4 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-34652
13 Aug 2021 — The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. • https://plugins.trac.wordpress.org/browser/media-usage/trunk/mmu_admin.php#L91 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36850 – WordPress Media File Renamer – Auto & Manual Rename plugin <= 5.1.9 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2021-36850
08 Apr 2021 — Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state. • https://patchstack.com/database/vulnerability/media-file-renamer/wordpress-media-file-renamer-plugin-5-1-9-multiple-cross-site-request-forgery-csrf-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF) •