CVE-2024-3591 – WordPress Geo Controller < 8.6.5 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-3591
The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.
The Geo Controller plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.6.4 via deserialization of untrusted input supplied via the '/cache/shortcode' REST API route. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
• https://wpscan.com/vulnerability/f85d8b61-eaeb-433c-b857-06ee4db5c7d5
• CWE-502: Deserialization of Untrusted Data
CVE-2024-1319 – Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
https://notcve.org/view.php?id=CVE-2024-1319
The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status (e.g. draft, private, pending review, password-protected, and trashed posts).
The Events Tickets Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.0 via the tribe_attendees_list shortcode.
• https://wpscan.com/vulnerability/5904dc7e-1058-4c40-bca3-66ba57b1414b
• CWE-862: Missing Authorization
CVE-2024-1316 – Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
https://notcve.org/view.php?id=CVE-2024-1316
The Event Tickets and Registration WordPress plugin before 5.8.1 and the Events Tickets Plus WordPress plugin before 5.9.1 do not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to (e.g. draft, private, pending review, password-protected, and trashed events).
The Event Tickets and Registration plugin for WordPress is vulnerable to Information Exposure in all versions up to 5.8.0 (free) & 5.9.1 (premium).
• https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5
• CWE-862: Missing Authorization
CVE-2024-1106 – Shariff Wrapper < 4.6.10 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1106
The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/0672f8af-33e2-459c-ac8a-7351247a8a26
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7203 – Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion
https://notcve.org/view.php?id=CVE-2023-7203
The Smart Forms WordPress plugin before 2.6.87 does not have authorisation in various AJAX actions, which could allow users with a role as low as subscriber to call them and perform unauthorised actions such as deleting entries. The plugin also lacks CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as deleting entries.
The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the rednao_smart_form_delete_entries() AJAX action in all versions up to, and including, 2.6.86.
• https://wpscan.com/vulnerability/b514b631-c3e3-4793-ab5d-35ed0c38b011
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-862: Missing Authorization