CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5514 – MinMax CMS - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-5514
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. MinMax CMS de MinMax Digital Technology contiene una cuenta de administrador oculta con una contraseña fija que no se puede eliminar ni deshabilitar desde la interfaz de administración. Los atacantes remotos que obtienen esta cuenta pueden eludir las restricciones de control de acceso a IP e iniciar sesión en el sistema backend sin ser registrados en los registros del sistema. • https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html • CWE-798: Use of Hard-coded Credentials CWE-912: Hidden Functionality •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32100 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32100
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31113 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31113
Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33910 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33910
Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de autorización faltante en publicaciones digitales de Supsystic. Este problema afecta a las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.7. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32089 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32089
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Digital Publications by Supsystic. Este problema afecta las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •