CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5514 – MinMax CMS - Hidden Functionality
https://notcve.org/view.php?id=CVE-2024-5514
30 May 2024 — MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. MinMax CMS de MinMax Digital Technology contiene una cuenta de administrador oculta con una contraseña fija que no se puede eliminar ni deshabilitar desde la interfaz de administració... • https://www.twcert.org.tw/tw/cp-132-7828-c08b8-1.html • CWE-798: Use of Hard-coded Credentials CWE-912: Hidden Functionality •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32100 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32100
09 May 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information E... • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31113 – WordPress Easy Digital Downloads plugin <= 3.2.11 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31113
09 May 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.11. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.11. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33910 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33910
29 Apr 2024 — Missing Authorization vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de autorización faltante en publicaciones digitales de Supsystic. Este problema afecta a las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32089 – WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32089
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Digital Publications by Supsystic.This issue affects Digital Publications by Supsystic: from n/a through 1.7.7. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Supsystic Digital Publications by Supsystic. Este problema afecta las publicaciones digitales de Supsystic: desde n/a hasta 1.7.7. The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is... • https://patchstack.com/database/vulnerability/digital-publications-by-supsystic/wordpress-digital-publications-by-supsystic-plugin-1-7-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31293 – WordPress Easy Digital Downloads plugin <= 3.2.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31293
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Easy Digital Downloads. Este problema afecta a Easy Digital Downloads: desde n/a hasta 3.2.6. The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/easy-digital-downloads/wordpress-easy-digital-downloads-plugin-3-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40005 – WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-40005
26 Dec 2023 — Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.5. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/easy-digital-downloads/vulnerability/wordpress-easy-digital-downloads-plugin-3-1-5-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3653 – Stored XSS in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3653
08 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ("Cross-Site Scripting") en Digital Ant E-Commerce Software permite la existencia de Cross-Site Scripting (XSS) almacenado. Este problema afecta a las versiones de E-Commerce Software antes de la v11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3652 – Reflected XSS in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3652
08 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3651 – SQLi in Digital Ant E-Commerce Software
https://notcve.org/view.php?id=CVE-2023-3651
08 Aug 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11. • https://https://www.usom.gov.tr/bildirim/tr-23-0443 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •