CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10508 – RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery
https://notcve.org/view.php?id=CVE-2024-10508
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts. • https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L239 https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/6.0.2.6/public/controllers/class_rm_login_controller.php#L241 https://plugins.trac.wordpress.org/changeset/3181174/custom-registration-form-builder-with-submission-manager/trunk/public/controllers/class_rm_login_controller.php https://www.wordfence.com/t • CWE-230: Improper Handling of Missing Values •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9864 – EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-9864
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when front-end users can submit new events with tickets. • https://plugins.trac.wordpress.org/changeset/3170503 https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2a66cb-ad13-428f-a25a-b2807450aa16?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9865 – EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log
https://notcve.org/view.php?id=CVE-2024-9865
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the transaction log for a booking. • https://plugins.trac.wordpress.org/changeset/3170503 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168585%40eventprime-event-calendar-management&new=3168585%40eventprime-event-calendar-management&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/18ded977-5297-4b6f-b9f3-0567f995d08a?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9829 – Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download
https://notcve.org/view.php?id=CVE-2024-9829
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed. • https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L242 https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L262 https://plugins.trac.wordpress.org/browser/download-plugin/trunk/download-plugin.php#L335 https://plugins.trac.wordpress.org/changeset/3170600 https://www.wordfence.com/threat-intel/vulnerabilities/id/e0891211-e4b3-4dcf-8ee0-e20abeb91640?source=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8861 – ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8861
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L2065 https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/includes/class-profile-magic.php#L268 https://plugins.trac.wordpress.org/changeset/3157510 https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3188c2-e5b0-4d83-8c92-ae6b409c92f9?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •