CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49284 – WordPress WP SendFox plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-49284
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. The WP SendFox plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-1-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27970 – WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-27970
Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0. Vulnerabilidad de autorización faltante en BogdanFix WP SendFox. Este problema afecta a WP SendFox: desde n/a hasta 1.3.0. The WP SendFox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gb_sf4wp_process_sync() function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to process synchronization. • https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •