CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 (exclusive). • https://patchstack.com/database/vulnerability/booster-plus-for-woocommerce/wordpress-booster-plus-for-woocommerce-plugin-7-1-2-authenticated-arbitrary-order-information-disclosure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing of tables with marker rows that contain more than UINT16_MAX columns. • https://github.com/advisories/GHSA-fmx4-26r3-wxpf https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3 https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf • CWE-190: Integer Overflow or Wraparound

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The vulnerability enables attackers with a lower-privileged account to access data from the Cloudflare API. ... The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. • https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3 https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2 • CWE-284: Improper Access Control • CWE-862: Missing Authorization

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Kofax Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.zerodayinitiative.com/advisories/ZDI-24-006 • CWE-125: Out-of-bounds Read

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. ... User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. • https://www.zerodayinitiative.com/advisories/ZDI-24-002 • CWE-125: Out-of-bounds Read