
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

23 Feb 2022 — The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to Reflected Cross-Site Scripting. • https://wpscan.com/vulnerability/fd8c720a-a94a-438f-b686-3a734e3c24e4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

23 Feb 2022 — The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role. • https://wpscan.com/vulnerability/3cf05815-9b74-4491-a935-d69a0834146c • CWE-434: Unrestricted Upload of File with Dangerous Type