CVE-2023-4019 – Media from FTP < 11.17 - Author+ Arbitrary File Access
https://notcve.org/view.php?id=CVE-2023-4019
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases. The Media from FTP plugin for WordPress is vulnerable to improper privilege management due to an insufficient capability check on the plugin's menu pages in versions up to, and including, 11.16. This makes it possible for authenticated attackers, with author-level permissions and above, to modify plugin settings on multi-site installations. • https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d • CWE-269: Improper Privilege Management
CVE-2023-4023 – All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR
https://notcve.org/view.php?id=CVE-2023-4023
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger. The All Users Messenger plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.24 due to missing validation on a user-controlled key. This can allow authenticated attackers with subscriber access to delete arbitrary messages. • https://wpscan.com/vulnerability/682c0226-28bd-4051-830d-8b679626213d • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-4036 – Simple Blog Card < 1.32 - Subscriber+ Arbitrary Post Access
https://notcve.org/view.php?id=CVE-2023-4036
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated user, such as a subscriber, to retrieve arbitrary post titles and their content, including draft, private and password-protected ones. The Simple Blog Card plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.31 via the 'simpleblogcard' function. This can allow authenticated subscriber-level attackers to extract sensitive data including unpublished or password-protected blog posts. • https://wpscan.com/vulnerability/de3e1718-c358-4510-b142-32896ffeb03f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-4035 – Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2023-4035
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Simple Blog Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.30 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/8fd9192a-2d08-4127-adcd-87fb1ea8d6fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')