CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38749 – WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38749
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Olive Themes Olive One Click Demo Import allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Olive One Click Demo Import: from n/a through 1.1.2. The Olive One Click Demo Import plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-2-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2702 – WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-2702
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. The Olive One Click Demo Import plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability checking on several rest routes in versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to perform unauthorized actions. CVE-2024-32715 appears to be a duplicate of this issue. • https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29102 – WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-29102
Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Olive Themes Olive One Click Demo Import. Este problema afecta a Olive One Click Demo Import: desde n/a hasta 1.1.1. The Olive One Click Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the olive_one_click_demo_import_save_file function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-0-9-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •