
CVE-2021-36909 – WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability
https://notcve.org/view.php?id=CVE-2021-36909
10 Nov 2021 — Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. • https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability • CWE-284: Improper Access Control; CWE-862: Missing Authorization

CVE-2021-24533 – Maintenance < 4.03 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24533
21 Jul 2021 — The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to set a Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend. • https://wpscan.com/vulnerability/174b2119-b806-4da4-a23d-c19b552c86cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24424 – WP Reset < 1.90 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24424
26 May 2021 — The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. • https://m0ze.ru/vulnerability/%5B2021-05-26%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Reset-WordPress-Plugin-v1.86.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24142 – 301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24142
18 Jan 2021 — Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. • https://wpscan.com/vulnerability/19800898-d7b6-4edd-887b-dac3c0597f14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-7047 – WP Database Reset <= 3.1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-7047
16 Jan 2020 — The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. • https://wordpress.org/plugins/wordpress-database-reset/#developers • CWE-269: Improper Privilege Management

CVE-2020-7048 – WP Database Reset <= 3.1 - Unauthenticated Database Reset
https://notcve.org/view.php?id=CVE-2020-7048
16 Jan 2020 — The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. • https://github.com/ElmouradiAmine/CVE-2020-7048 • CWE-287: Improper Authentication; CWE-306: Missing Authentication for Critical Function

CVE-2020-6167 – Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes
https://notcve.org/view.php?id=CVE-2020-6167
08 Jan 2020 — A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. • https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-6166 – Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change
https://notcve.org/view.php?id=CVE-2020-6166
08 Jan 2020 — A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. • https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers • CWE-276: Incorrect Default Permissions; CWE-862: Missing Authorization

CVE-2019-19915 – 301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-19915
19 Dec 2019 — The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF. • https://wpvulndb.com/vulnerabilities/9979 • CWE-352: Cross-Site Request Forgery (CSRF); CWE-732: Incorrect Permission Assignment for Critical Resource; CWE-862: Missing Authorization

CVE-2020-6168 – Minimal Coming Soon & Maintenance Mode <= 2.10 - Missing Authorization
https://notcve.org/view.php?id=CVE-2020-6168
18 Dec 2019 — A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). • https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers • CWE-862: Missing Authorization