CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25059 – Download Plugin < 2.0.0 - Subscriber+ Website Download
https://notcve.org/view.php?id=CVE-2021-25059
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. El complemento Download Plugin de WordPress anterior a 2.0.0 no valida adecuadamente que un usuario tenga los privilegios necesarios para acceder al identificador nonce de una copia de seguridad, lo que puede permitir a cualquier usuario con una cuenta en el sitio (como un suscriptor) descargar una copia completa del sitio web. The Download Plugin plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.6.2 due to missing capability checks on the dpwap_plugin_multiple_download_func function. This makes it possible for authenticated attackers with subscriber-level attackers to create and download arbitrary content as backup zip files in the wp-content folder. • https://wpscan.com/vulnerability/b125a765-a6b6-421b-bd8a-effec12bc629 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36352 – WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2022-36352
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. Vulnerabilidad de autorización faltante en Profilegrid ProfileGrid: perfiles de usuario, membresías, grupos y comunidades. Este problema afecta a ProfileGrid: perfiles de usuario, membresías, grupos y comunidades: desde n/a hasta 5.0.3. The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 5.0.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to obtain access to arbitrary messages with read and edit capabilities. • https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3578 – ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3578
The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting El complemento ProfileGrid de WordPress anterior a 5.1.1 no desinfecta ni escapa un parámetro antes de devolverlo a la página, lo que genera una Cross-Site Scripting reflejada. The ProfileGrid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/17596b0e-ff45-4d0c-8e57-a31101e30345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0420 – RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-0420
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks El plugin RegistrationMagic de WordPress versiones anteriores a 5.0.2.2, no sanea y escapa del parámetro rm_form_id antes de usarlo en una sentencia SQL en el panel de administración de Automation, permitiendo a usuarios con altos privilegios llevar a cabo ataques de inyección SQL • https://plugins.trac.wordpress.org/changeset/2672042 https://wpscan.com/vulnerability/056b5167-3cbc-47d1-9917-52a434796151 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0232 – User Registration, Login & Landing Pages – LeadMagic <= 1.2.7 Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0232
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. El plugin User Registration, Login & Landing Pages de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado debido a un escape insuficiente por el parámetro loader_text encontrado en el archivo ~/includes/templates/landing-page.php que permite a atacantes con acceso de usuario administrativo inyectar scripts web arbitrarios, en versiones hasta la 1.2.7 incluyéndola. Esto afecta a las instalaciones multisitio donde unfiltered_html está deshabilitado para administradores, y a los sitios donde unfiltered_html está deshabilitado • https://github.com/BigTiger2020/2022/blob/main/User%20Registration%20Xss.md https://plugins.trac.wordpress.org/browser/custom-landing-pages-leadmagic/tags/1.2.6/includes/templates/landing-page.php#L35 https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •