
CVE-2024-5604 – Bug Library < 2.1.2 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-5604
28 Jun 2024 — The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). • https://wpscan.com/vulnerability/29985150-8d49-4a3f-8411-5d7263b424d8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-5450 – Bug Library < 2.1.1 - Unauthenticated RCE
https://notcve.org/view.php?id=CVE-2024-5450
22 Jun 2024 — The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files. The Bug Library plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the add_bug_field function in a... • https://wpscan.com/vulnerability/d91217bc-9f8f-4971-885e-89edc45b2a4d • CWE-434: Unrestricted Upload of File with Dangerous Type