CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1189 – AMPPS Encryption Passphrase denial of service
https://notcve.org/view.php?id=CVE-2024-1189
A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://fitoxs.com/vuldb/15-exploit-perl.txt https://vuldb.com/?ctiid.252679 https://vuldb.com/?id.252679 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0697 – Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal
https://notcve.org/view.php?id=CVE-2024-0697
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information. El complemento Backuply – Backup, Restore, Migrate and Clone para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.2.3 inclusive a través del parámetro node_id en la función backuply_get_jstree. Esto hace posible que atacantes con privilegios de administrador o superiores lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6598 – SpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options Update
https://notcve.org/view.php?id=CVE-2023-6598
The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options. El complemento SpeedyCache para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en las funciones speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings y speedycache_preloading_delete_resource en todas las versiones hasta la 1.1.3 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, actualicen las opciones del complemento. • https://plugins.trac.wordpress.org/changeset/3010577/speedycache https://www.wordfence.com/threat-intel/vulnerabilities/id/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49746 – WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-49746
Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance.This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Softaculous Team SpeedyCache – Caché, optimización, rendimiento. Este problema afecta a SpeedyCache – Caché, optimización, rendimiento: desde n/a hasta 1.1.2. The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2 via the speedycache_create_test_cache() function. This makes it possible for authenticated attackers, subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/speedycache/wordpress-speedycache-plugin-1-1-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26886
https://notcve.org/view.php?id=CVE-2020-26886
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. Softaculous versiones anteriores a 5.5.7, está afectado por una vulnerabilidad de ejecución de código debido a una Inicialización Externa de Trusted Variables o Data Stores. Esto conlleva a una escalada de privilegios en el host local • https://vulnerable.af https://vulnerable.af/posts/cve-2020-26886 https://www.softaculous.com/board/index.php?tid=17086&title=Softaculous_5.5.7_Launched • CWE-665: Improper Initialization •