CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0855 – Spiffy Calendar < 4.9.9 - Broken Access Control
https://notcve.org/view.php?id=CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. El complemento Spiffy Calendar de WordPress anterior a 4.9.9 no verifica el parámetro event_author y permite a cualquier usuario modificarlo al crear un evento, lo que lleva a engañar a los usuarios/administradores de que una página fue creada por un Contributor+. The Spiffy Calendar plugin for WordPress is vulnerable to unauthorized modification of data due insufficient restrictions on the event_author parameter in all versions up to, and including, 4.9.8. This makes it possible for authenticated attackers, with contributor-level access and above, to make an event appear as though it was created by another user. • https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0354 – unknown-o download-station index.php path traversal
https://notcve.org/view.php?id=CVE-2024-0354
A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. • https://note.zhaoj.in/share/nHD5xiHQgHG0 https://vuldb.com/?ctiid.250121 https://vuldb.com/?id.250121 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7115 – PageLayer < 1.8.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-7115
The Page Builder: Pagelayer WordPress plugin before 1.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El complemento Page Builder: Pagelayer de WordPress anterior a 1.8.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio). The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/6ddd1a9e-3f96-4020-9b2b-f818a4d5ba58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0248 – EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management
https://notcve.org/view.php?id=CVE-2024-0248
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9. El complemento EazyDocs de WordPress anterior a 2.4.0 reintrodujo CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) en 2.3.8, lo que permite a cualquier usuario autenticado, como suscriptor para eliminar publicaciones arbitrarias, así como agregar y eliminar documentos/secciones. El problema se solucionó parcialmente en 2.3.9. The EazyDocs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on various functions in versions 2.3.8 to 2.3.9. • https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7198 – WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes
https://notcve.org/view.php?id=CVE-2023-7198
The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data. El complemento WP Dashboard Notes de WordPress anterior a 1.0.11 es vulnerable a referencias de objetos directos inseguros (IDOR) en el parámetro post_id=. Los usuarios autenticados pueden eliminar notas privadas asociadas con diferentes cuentas de usuario. • https://wpscan.com/vulnerability/75fbee63-d622-441f-8675-082907b0b1e6 • CWE-639: Authorization Bypass Through User-Controlled Key •