CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42460 – WordPress Traffic Manager plugin <= 1.4.5 - Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-42460
Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. Vulnerabilidad de Control de Acceso Roto que conduce a Cross-Site Scripting (XSS) Almacenado en el complemento Traffic Manager en WordPress en versiones <= 1.4.5. The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-broken-access-control-vulnerability-leading-to-stored-cross-site-scripting-xss?_s_id=cve https://wordpress.org/plugins/traffic-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41695 – WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-41695
Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5. Vulnerabilidad de autorización faltante en SedLex Traffic Manager. Este problema afecta a Traffic Manager: desde n/a hasta 1.4.5. The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access functionality or information not intended for them. • https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-multiple-vulnerabilities?_s_id=cve • CWE-862: Missing Authorization •