CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43137 – WordPress WappPress Basic plugin <= 6.0.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43137
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WappPress Team WappPress allows Stored XSS.This issue affects WappPress: from n/a through 6.0.4. The WappPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-basic-plugin-6-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38758 – WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-38758
Server-Side Request Forgery (SSRF) vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 6.0.4. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 6.0.4. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-6-0-4-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49815 – WordPress WappPress plugin <= 5.0.3 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-49815
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WappPress Team WappPress. Este problema afecta a WappPress: desde n/a hasta 5.0.3. The WappPress – Create Mobile App for any WordPress site with our Mobile App Builder in just 1 minute plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 5.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wapppress-builds-android-app-for-website/wordpress-wapppress-plugin-5-0-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •