2 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento WP STAGING Pro WordPress Backup Plugin para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 5.6.0 incluida. Esto se debe a una validación nonce faltante o incorrecta en el parámetro 'sub' llamado desde el complemento de copia de seguridad de WordPress WP STAGING - Duplicador de copia de seguridad y complemento de migración. • https://plugins.trac.wordpress.org/browser/wp-staging/trunk/Backend/views/settings/tabs/remote-storages.php#L14 https://wp-staging.com https://www.wordfence.com/threat-intel/vulnerabilities/id/2a99a21c-d4f1-4cdb-b1f1-31b3cf666b80?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the 'Contact Us' functionality along with the "Enable this option to automatically submit the log files." option. Los complementos WP STAGING y WP STAGING Pro para WordPress son vulnerables a la exposición de información confidencial en versiones hasta la 3.4.3 incluida, y versiones hasta la 5.4.3 incluida, respectivamente, a través de la función ajaxSendReport. Esto hace posible que atacantes no autenticados extraigan datos confidenciales de un archivo de registro, incluida información del sistema y (en la versión Pro) claves de licencia. • https://github.com/IvanGlinkin/CVE-2024-36821 https://plugins.trac.wordpress.org/changeset/3076275/wp-staging https://wp-staging.com/wp-staging-changelog https://wp-staging.com/wp-staging-pro-changelog https://www.wordfence.com/threat-intel/vulnerabilities/id/75eab54b-dbe0-4440-b4ab-601c5041e180?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •