CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47548 – WordPress Integrate Google Drive Plugin <= 1.3.2 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-47548
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. Este problema afecta a Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: desde n/a hasta 1.3.2. The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.2. This is due to insufficient validation on the redirect url supplied via the 'state' parameter. • https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-0-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32117 – Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
https://notcve.org/view.php?id=CVE-2023-32117
The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more. • https://github.com/RandomRobbieBF/CVE-2023-32117 • CWE-862: Missing Authorization •