CVE-2023-7202 – Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending
https://notcve.org/view.php?id=CVE-2023-7202
The Fatal Error Notify WordPress plugin before 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable via CSRF.
The Fatal Error Notify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the test_error AJAX action in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to send test error emails to the administrator email address without restriction.
• https://research.cleantalk.org/cve-2023-7202-fatal-error-notify-error-email-sending-csrf
• https://wpscan.com/vulnerability/d923ba5b-1c20-40ee-ac69-cd0bb65b375a
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-862: Missing Authorization
CVE-2023-6591 – Popup Box Pro < 20.9.0 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-6591
The Popup Box WordPress plugin before 20.9.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
The Popup Box Business and Developer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 20.0.0 to 20.9.0 (Developer) and versions 7.0.0 to 7.9.0 (Business) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Please note this affects the premium version of the plugin despite the shared slug.
• https://wpscan.com/vulnerability/f296de1c-b70b-4829-aba7-4afa24f64c51
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-7233 – GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-7233
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
The GigPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/585cb2f2-7adc-431f-89d4-4e947f16af18
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6499 – lasTunes <= 3.6.1 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2023-6499
The lasTunes WordPress plugin through 3.6.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
The lasTunes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/69592e52-92db-4e30-92ca-b7b3d5b9185d
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-6082 – Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6082
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
The enigma-chartjs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chart functionality in versions up to and including 2023.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://lynk.nl
• https://wpscan.com/vulnerability/c3d43aac-66c8-4218-b3f0-5256f895eda3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')