CVE-2022-0233 – ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file, which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 4.7.4. (A second copy of this description gives the affected ceiling as 1.2.7; that figure does not match the advisory title or the tagged 4.7.4 source link below, so treat 4.7.4 as the last affected version.)
• https://github.com/BigTiger2020/2022/blob/main/ProfileGrid%20Xss.md
• https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/4.7.4/admin/class-profile-magic-admin.php#L961
• https://www.wordfence.com/vulnerability-advisories/#CVE-2022-0233
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24862 – RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24862
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue. The Exploit-DB/Packet Storm write-up describes the same bug as an authenticated SQL injection via the task_ids parameter; it states "prior to 5.0.1.5" as the affected range, while the published exploit targets 5.0.1.5 and the advisory fixes the issue in 5.0.1.6, so 5.0.1.5 should be treated as vulnerable. The advisory title scopes the required privilege to administrator-level users (Admin+).
• https://www.exploit-db.com/exploits/50686
• http://packetstormsecurity.com/files/165746/WordPress-RegistrationMagic-V-5.0.1.5-SQL-Injection.html
• https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24862
• https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615
• https://github.com/Hacker5preme/Exploits/blob/main/Wordpress/CVE-2021-24862/README.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
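The bug class behind CVE-2021-24862 is an id list from the request being concatenated into an IN (...) clause. The following PHP is an added illustration, not RegistrationMagic's code: only the action name rm_chronos_ajax and the task_ids parameter come from the advisory; the table name, column names and function names are assumptions. It shows the unsafe construction beside a version that coerces every id to an integer and binds the list through $wpdb->prepare().

```php
<?php
/*
 * Illustrative example of the CVE-2021-24862 bug class; not RegistrationMagic's code.
 * Assumptions: table {$wpdb->prefix}rm_tasks with primary key task_id, and that
 * the surrounding action has already verified the admin nonce and capability
 * (the advisory rates the issue Admin+, so authorisation is not the missing piece).
 */

// --- Vulnerable: the id list from the request is glued straight into SQL ---
function vuln_duplicate_tasks_batch() {
    global $wpdb;
    // task_ids arrives either as an array or as a comma-separated string. Either
    // way it reaches the query verbatim, so a value such as
    //   1) UNION SELECT user_login,user_pass,... FROM wp_users -- -
    // closes the IN list and appends attacker-chosen SQL.
    $ids  = is_array( $_POST['task_ids'] ) ? implode( ',', $_POST['task_ids'] ) : $_POST['task_ids'];
    $rows = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}rm_tasks WHERE task_id IN ({$ids})", ARRAY_A );
    foreach ( $rows as $row ) {
        unset( $row['task_id'] );                         // let the DB assign a new key
        $wpdb->insert( $wpdb->prefix . 'rm_tasks', $row ); // the duplicate
    }
    wp_send_json_success( count( $rows ) );
}

// --- Hardened: coerce to integers, then bind one %d placeholder per id ---
function safe_duplicate_tasks_batch() {
    global $wpdb;

    $raw = isset( $_POST['task_ids'] ) ? wp_unslash( $_POST['task_ids'] ) : array();
    $raw = is_array( $raw ) ? $raw : explode( ',', (string) $raw );

    // absint() turns anything that is not a non-negative integer into 0; filtering
    // the zeros out drops entries that were not numeric at all.
    $ids = array_values( array_filter( array_map( 'absint', $raw ) ) );
    if ( empty( $ids ) ) {
        wp_send_json_error( 'no valid task ids', 400 );
    }

    // Build "%d,%d,%d" for exactly count($ids) values. $wpdb->prepare() accepts the
    // id array as its single argument list, so the data never becomes SQL even if
    // the integer coercion above were ever removed.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}rm_tasks WHERE task_id IN ({$placeholders})",
        $ids
    );
    $rows = $wpdb->get_results( $sql, ARRAY_A );

    foreach ( $rows as $row ) {
        unset( $row['task_id'] );
        $wpdb->insert( $wpdb->prefix . 'rm_tasks', $row );
    }
    wp_send_json_success( count( $rows ) );
}

// Only the hardened handler is registered here; the vulnerable one is kept for comparison.
add_action( 'wp_ajax_rm_chronos_ajax', 'safe_duplicate_tasks_batch' );
```

The placeholder-per-value pattern is the part worth copying: $wpdb->prepare() has no native list placeholder, so a dynamic IN list must be built from the count of already-validated values, never from the values themselves.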
CVE-2021-24648 – Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24648
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting vulnerability.
• https://plugins.trac.wordpress.org/changeset/2646734
• https://wpscan.com/vulnerability/a3573212-2a98-4504-b8f4-b4d46655e17c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
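CVE-2022-0233 (stored, via the profile image URLs pm_user_avatar and pm_cover_image) and CVE-2021-24648 (reflected, via rm_search_value echoed into an attribute) are both output-escaping failures, so one added PHP example covers both. It is not code from either plugin: the parameter names are from the advisories, while the function names, the user-meta keys and the markup are assumptions. Each vulnerable pattern is shown beside its hardened form, which sanitises on write and escapes on output with the WordPress helper that matches the HTML context.

```php
<?php
/*
 * Illustrative example of the CWE-79 patterns in CVE-2022-0233 and CVE-2021-24648.
 * Not ProfileGrid's or RegistrationMagic's code; helper and meta-key names are assumed.
 */

// ---------- Stored variant: a profile-owned URL saved raw and echoed raw ----------
function vuln_save_profile_images( $user_id ) {
    // A subscriber controls their own profile, so a value such as
    //   x" onerror="alert(document.cookie)
    // is stored and later fires for every visitor of the profile page.
    update_user_meta( $user_id, 'pm_user_avatar', $_POST['pm_user_avatar'] );
    update_user_meta( $user_id, 'pm_cover_image', $_POST['pm_cover_image'] );
}

function vuln_render_profile_images( $user_id ) {
    $avatar = get_user_meta( $user_id, 'pm_user_avatar', true );
    $cover  = get_user_meta( $user_id, 'pm_cover_image', true );
    echo '<img class="avatar" src="' . $avatar . '">';   // unescaped attribute value
    echo '<img class="cover"  src="' . $cover  . '">';
}

// Hardened: sanitise for storage, then escape again at the point of output.
function safe_save_profile_images( $user_id ) {
    // esc_url_raw() keeps only URLs with an allowed scheme (no javascript: or data:)
    // and is the variant meant for database storage rather than HTML output.
    $avatar = isset( $_POST['pm_user_avatar'] ) ? esc_url_raw( wp_unslash( $_POST['pm_user_avatar'] ) ) : '';
    $cover  = isset( $_POST['pm_cover_image'] ) ? esc_url_raw( wp_unslash( $_POST['pm_cover_image'] ) ) : '';
    update_user_meta( $user_id, 'pm_user_avatar', $avatar );
    update_user_meta( $user_id, 'pm_cover_image', $cover );
}

function safe_render_profile_images( $user_id ) {
    $avatar = get_user_meta( $user_id, 'pm_user_avatar', true );
    $cover  = get_user_meta( $user_id, 'pm_cover_image', true );
    // Escape on output even though the value was sanitised on save: rows written
    // before the fix, or by another code path, must not be trusted. esc_url()
    // strips quotes and angle brackets, so the value cannot leave the src attribute.
    echo '<img class="avatar" src="' . esc_url( $avatar ) . '">';
    echo '<img class="cover"  src="' . esc_url( $cover )  . '">';
}

// ---------- Reflected variant: a request parameter echoed back into an attribute ----------
function vuln_search_box() {
    $q = isset( $_GET['rm_search_value'] ) ? $_GET['rm_search_value'] : '';
    // A crafted link carrying  "><script>...</script>  closes the attribute and the tag.
    echo '<input type="text" name="rm_search_value" value="' . $q . '">';
}

function safe_search_box() {
    // sanitize_text_field() strips tags and control characters from the input;
    // esc_attr() encodes quotes, ampersands and angle brackets for the attribute context.
    $q = isset( $_GET['rm_search_value'] ) ? sanitize_text_field( wp_unslash( $_GET['rm_search_value'] ) ) : '';
    echo '<input type="text" name="rm_search_value" value="' . esc_attr( $q ) . '">';
}
```

The choice of escaper follows the sink: esc_url() for a URL-valued attribute, esc_attr() for any other attribute value, esc_html() for text between tags. Sanitising on input alone is not sufficient, because existing stored data and other write paths bypass it.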
CVE-2021-4073 – RegistrationMagic <= 5.0.1.7 Authentication Bypass
https://notcve.org/view.php?id=CVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site, due to missing identity validation in the plugin's social login function social_login_using_email(). This affects versions equal to and less than 5.0.1.7.
• https://plugins.trac.wordpress.org/changeset/2635173/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_user_services.php
• https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin
• https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4073
• CWE-287: Improper Authentication •
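The failure mode in CVE-2021-4073 is a social-login handler that establishes a WordPress session for whatever account the client names, without first proving that the identity provider vouched for that identity. The PHP below is an added illustration, not RegistrationMagic's code: only the function name social_login_using_email() is from the advisory; the request fields, the provider userinfo endpoint and the hardened function's name are assumptions. The hardened version obtains the e-mail address from the provider server-side, using the token the client presents, and only then maps it to a local account.

```php
<?php
/*
 * Illustrative example of the CVE-2021-4073 bug class; not RegistrationMagic's code.
 * Assumptions: a POSTed "email" field in the vulnerable flow, a POSTed "provider_token"
 * in the hardened flow, and a hypothetical OAuth/OIDC userinfo endpoint.
 */
define( 'RM_EXAMPLE_PROVIDER_USERINFO_URL', 'https://provider.example/userinfo' ); // hypothetical

// --- Vulnerable: the account to log into is chosen by the unauthenticated caller ---
function vuln_social_login_using_email() {
    // Nothing here demonstrates that the caller owns this identity. The advisory
    // notes a valid username was enough, so the lookup falls back to login name.
    $ident = isset( $_POST['email'] ) ? sanitize_text_field( wp_unslash( $_POST['email'] ) ) : '';
    $user  = get_user_by( 'email', $ident );
    if ( ! $user ) {
        $user = get_user_by( 'login', $ident );
    }
    if ( ! $user ) {
        wp_send_json_error( 'unknown user', 401 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );          // a full session for any account, admins included
    wp_send_json_success( array( 'redirect' => home_url() ) );
}

// --- Hardened: the identity comes from the provider, never from the client ---
function safe_social_login_using_email() {
    $token = isset( $_POST['provider_token'] ) ? sanitize_text_field( wp_unslash( $_POST['provider_token'] ) ) : '';
    if ( '' === $token ) {
        wp_send_json_error( 'missing provider token', 400 );
    }

    // Server-to-server call: ask the provider whom this token belongs to. The
    // answer is the only e-mail address this function will ever act on.
    $resp = wp_remote_get( RM_EXAMPLE_PROVIDER_USERINFO_URL, array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
        'timeout' => 10,
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        wp_send_json_error( 'token rejected by provider', 401 );
    }

    $info = json_decode( wp_remote_retrieve_body( $resp ), true );
    // Require a verified address: an unverified e-mail at the provider could be
    // registered by anyone and would re-open the same account takeover.
    if ( empty( $info['email'] ) || empty( $info['email_verified'] ) ) {
        wp_send_json_error( 'identity not verified', 403 );
    }

    $user = get_user_by( 'email', sanitize_email( $info['email'] ) );
    if ( ! $user ) {
        wp_send_json_error( 'no local account for this identity', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success( array( 'redirect' => home_url() ) );
}
```

With an OpenID Connect provider the same goal can be met without the extra round trip by validating the ID token locally (signature against the provider's published keys, issuer, audience, expiry and nonce) and taking the e-mail claim from the validated token; either way, the client-supplied address must play no role in selecting the account.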
CVE-2021-24703 – Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2021-24703
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed.
• https://wpscan.com/vulnerability/4ed8296e-1306-481f-9a22-723b051122c0
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-732: Incorrect Permission Assignment for Critical Resource
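A wp_ajax_* hook only requires that some user is logged in; the role check and the request-origin check are the handler's own responsibility, and CVE-2021-24703 is what their absence looks like. The PHP below is an added illustration, not the Download Plugin's code: only the action name dpwap_plugin_activate is from the advisory; the "plugin" request field and the nonce action name are assumptions. It shows the unguarded handler beside one that enforces a nonce, the activate_plugins capability, and a check that the target is an installed plugin.

```php
<?php
/*
 * Illustrative example of the CVE-2021-24703 bug class; not the Download Plugin's code.
 * Assumptions: the plugin file path arrives in $_POST['plugin'] and the nonce in
 * $_POST['nonce'], minted with wp_create_nonce( 'dpwap_plugin_activate' ).
 */

// --- Vulnerable: any session can activate any installed plugin, and a cross-site
//     request from a page the victim visits can do it on their behalf ---
function vuln_dpwap_plugin_activate() {
    $plugin = $_POST['plugin'];                          // e.g. "some-plugin/some-plugin.php"
    $result = activate_plugin( $plugin );                // no nonce, no capability check
    wp_send_json( is_wp_error( $result ) ? $result->get_error_message() : 'activated' );
}
// add_action( 'wp_ajax_dpwap_plugin_activate', 'vuln_dpwap_plugin_activate' );  // not registered here

// --- Hardened: CSRF token, authorisation, and validation of the target ---
function safe_dpwap_plugin_activate() {
    // 1. CSRF: the nonce must have been issued to this user for this action.
    //    check_ajax_referer() terminates the request with HTTP 403 on failure.
    check_ajax_referer( 'dpwap_plugin_activate', 'nonce' );

    // 2. Authorisation: the same capability core requires on the Plugins screen.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Validation: only a file that get_plugins() knows about may be activated,
    //    which also rejects path tricks aimed at files outside the plugins directory.
    $plugin = isset( $_POST['plugin'] ) ? sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) : '';
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    if ( '' === $plugin || ! array_key_exists( $plugin, get_plugins() ) ) {
        wp_send_json_error( 'unknown plugin', 400 );
    }

    $result = activate_plugin( $plugin );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'activated' );
}
add_action( 'wp_ajax_dpwap_plugin_activate', 'safe_dpwap_plugin_activate' );
```

The nonce is not a substitute for the capability check, nor the reverse: the nonce stops a third-party page from driving an administrator's browser, while current_user_can() stops a subscriber from calling the endpoint directly. Both are needed, and the order (nonce first) avoids doing any work for forged requests.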