CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6547 – Add Admin CSS <= 2.0.1 - Unauthenticated Full Path Dislcosure
https://notcve.org/view.php?id=CVE-2024-6547
The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. • https://plugins.trac.wordpress.org/browser/add-admin-css/trunk/tests/phpunit/bootstrap.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0064244b-72a4-486d-aaad-be1f57e4a8a1?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45360 – WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-45360
Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de archivo CSV en Scott Reilly Commenter Emails. Este problema afecta Commenter Emails: desde n/a hasta 2.6.1. The Commenter Emails plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 2.6.1. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. • https://patchstack.com/database/vulnerability/commenter-emails/wordpress-commenter-emails-plugin-2-6-1-csv-injection?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •