CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4648 – Real Testimonials < 2.6.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4648
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Real Testimonials de WordPress anterior a 2.6.0 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de cross-site scripting almacenado que podrían usarse contra usuarios con privilegios elevados, como administradores. The Real Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 2.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/9bbfb664-5b83-452b-82bb-562a1e18eb65 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2382 – Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion
https://notcve.org/view.php?id=CVE-2022-2382
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. El plugin Product Slider for WooCommerce de WordPress versiones anteriores a 2.5.7, presenta comprobaciones de tipo CSRF fallidas y carece de autorización en algunas de sus acciones AJAX, lo que permite a cualquier usuario autenticado, como el suscriptor, llamarlas. Una en particular podría permitirles eliminar opciones arbitrarias del blog. The Product Slider for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the spwps_reset_ajax and spwps_get_icons functions called via AJAX actions in versions up to, and including, 2.5.6. • https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24738 – Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks El plugin Logo Carousel de WordPress versiones anteriores a 3.4.2, no comprueba ni escapa de la opción de carrusel "Logo Margin", lo que podría permitir a usuarios con un rol tan bajo como el de Colaborador llevar a cabo ataques de tipo Cross-Site Scripting Almacenado • https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2ecbd9a3df25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24739 – Logo Carousel < 3.4.2 - Unauthorised Private Post Access
https://notcve.org/view.php?id=CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature El plugin Logo Carousel de WordPress versiones anteriores a 3.4.2, permite a usuarios con un rol tan bajo como el de Contribuyente duplicar y visualizar publicaciones privadas arbitrarias hechas por otros usuarios por medio de la función Carousel Duplication • https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce • CWE-285: Improper Authorization CWE-639: Authorization Bypass Through User-Controlled Key •