CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28497 – WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28497
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Tribulant Slideshow Gallery LITE en versiones <= 1.7.6. The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_slides function. This makes it possible for unauthenticated attackers to delete slides via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24882 – Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24882
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin Slideshow Gallery de WordPress versiones anteriores a 1.7.4, no sanea ni escapa de los campos "Title" de la diapositiva, "Description" y "Title" de la galería, que podría permitir a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando el unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/6d71816c-8267-4b84-9087-191fbb976e72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35932 – Newsletter <= 6.8.1 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-35932
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. Una Deserialización No Segura en el plugin Newsletter versiones anteriores a 6.8.2 para WordPress, permite a atacantes remotos autenticados con privilegios mínimos (tales como suscriptores) usar la acción AJAX de tpnc_render para inyectar objetos PHP arbitrarios por medio del parámetro options[inline_edits]. NOTA: la explotabilidad depende de los objetos PHP que pueden estar presentes con otros plugins o temas. • https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15828 – One Click SSL <= 1.4.6 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15828
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. El plugin one-click-ssl anterior a la versión 1.4.7 para WordPress tiene CSRF. • https://wordpress.org/plugins/one-click-ssl/#developers https://wpvulndb.com/vulnerabilities/9448 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14788 – Newsletters <= 4.6.18 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-14788
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. El archivo wp-admin/admin-ajax.php?action=newsletters_exportmultiple en el plugin Tribulant Newsletters versiones anteriores a 4.6.19 para WordPress, permite un salto de directorio con ejecución de código PHP remota resultante por medio del parámetro subscribers [1][1] en conjunto con un valor exportfile=../. • https://wordpress.org/plugins/newsletters-lite/#developers https://wpvulndb.com/vulnerabilities/9447 https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •