CVE-2024-21824
https://notcve.org/view.php?id=CVE-2024-21824
An improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. • https://jvn.jp/en/jp/JVN82749078 https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000 https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002 https://www.toshibatec.com/information/20240306_01.html • CWE-306: Missing Authentication for Critical Function
CVE-2024-27974
https://notcve.org/view.php?id=CVE-2024-27974
A cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. If the user is an administrator, settings such as the administrator's ID, password, etc. may be altered. For details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References]. • https://jvn.jp/en/jp/JVN34328023 https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-51516 – WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51516
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin. This issue affects Business Directory Plugin: from n/a through 6.3.9. The Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'dispatch' function in versions up to, and including, 6.3.9. This makes it possible for authenticated attackers, with contributor-level access and above, to delete listings. • https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-47237 – WordPress WP Google My Business Auto Publish Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47237
Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin <= 3.7 versions. The Auto Publish for Google My Business plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.7. This is due to missing or incorrect nonce validation in multiple functions. This makes it possible for unauthenticated attackers to auto-publish to Google, delete transients, and update post metadata via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-google-my-business-auto-publish/wordpress-auto-publish-for-google-my-business-plugin-3-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-41689 – Post to Google My Business <= 3.1.14 - Cross-Site Request Forgery to Dismiss Notification
https://notcve.org/view.php?id=CVE-2023-41689
The Post to Google My Business plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on the ajax_delete_notification() function. This makes it possible for unauthenticated attackers to dismiss notifications via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF)