CVE-2023-6081 – Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
https://notcve.org/view.php?id=CVE-2023-6081
The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
The enigma-chartjs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to and including 2023.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://lynk.nl https://wpscan.com/vulnerability/5f011911-5fd1-46d9-b468-3062b4ec6f1e
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6501 – Splashscreen <= 0.20 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2023-6501
The Splashscreen WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
The Splashscreen plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 0.20. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to update the plugin's settings, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://magos-securitas.com/txt/CVE-2023-6501.txt https://wpscan.com/vulnerability/dd19189b-de04-44b6-8ac9-0c32399a8976
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-0566 – Smart Manager < 8.28.0 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2024-0566
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.
The Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced) plugin for WordPress is vulnerable to SQL Injection via the 'sortOrder' parameter in all versions up to, and including, 8.27.0 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
• https://github.com/xbz0n/CVE-2024-0566 https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-0250 – Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
https://notcve.org/view.php?id=CVE-2024-0250
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation in the oauth2callback.php redirect file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
The Analytics Insights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.2.
• https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-6036 – Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.0.
• https://github.com/pctripsesp/CVE-2023-6036 https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4
• CWE-288: Authentication Bypass Using an Alternate Path or Channel