CVE-2022-0442 – UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
https://notcve.org/view.php?id=CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar. El plugin UsersWP de WordPress versiones anteriores a 1.2.3.1, no presenta controles de acceso cuando es actualizada el avatar de un usuario, y no es asegurado de que los nombres de los archivos de los avatares de los usuarios sean únicos, permitiendo a un usuario conectado sobrescribir el avatar de otro usuario • https://wpscan.com/vulnerability/9cf0822a-c9d6-4ebc-b905-95b143d1a692 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2021-24720 – GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24720
The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). El plugin GeoDirectory Business Directory de WordPress versiones anteriores a 2.1.1.3, era vulnerable a ataques de tipo Cross-Site Scripting (XSS) Almacenados y Autenticados • https://github.com/BigTiger2020/word-press/blob/main/WrodPress%20Plugin%20GeoDirectory%E2%80%94%E2%80%94Stored%20Cross-Site%20Scripting%20.md https://plugins.trac.wordpress.org/changeset/2596452/geodirectory https://wpscan.com/vulnerability/9de5cc51-f64c-4475-a0f4-d932dc4364a6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24361 – GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
https://notcve.org/view.php?id=CVE-2021-24361
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. En el plugin Location Manager de WordPress versiones anteriores a 2.1.0.10, la acción AJAX gd_popular_location_list no saneaba o comprobaba apropiadamente algunos de sus parámetros POST, que luego se utilizaban en una sentencia SQL, conllevando a problemas de inyección SQL no autenticada • https://wpgeodirectory.com/downloads/location-manager https://wpscan.com/vulnerability/5aff50fc-ac96-4076-a07c-bb145ae37025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-24369 – GetPaid < 2.3.4 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form will be edited, for example when an admin reviews it and could lead to privilege escalation. En el plugin de WordPress GetPaid versiones anteriores a 2.3.4, los usuarios con el rol de colaborador y superior pueden crear un nuevo Formulario de Pago, sin embargo los campos de entrada Label y Help no eran saneados apropiadamente. Por lo tanto, era posible inyectar contenido malicioso, como etiquetas img, conllevando a un problema de tipo Cross-Site Scripting almacenado que se desencadenaba cuando se editaba el formulario, por ejemplo, cuando un administrador lo revisaba y podía conllevar una escalada de privilegios • https://wpscan.com/vulnerability/1d1a731b-78f7-4d97-b40d-80f66700edae • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •