CVE-2024-6224 – Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF
https://notcve.org/view.php?id=CVE-2024-6224
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
The Send email only on Reply to My Comment plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the subscribe_reloaded_update_option() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://wpscan.com/vulnerability/54457f1b-6572-4de0-9100-3433c715c5ce
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-6366 – User Profile Builder < 3.11.8 - Unauthenticated Media Upload
https://notcve.org/view.php?id=CVE-2024-6366
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized file uploads due to a missing capability check on the wppb_upload_file_type() function in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated attackers to upload arbitrary media files via the async upload functionality.
• https://github.com/Abdurahmon3236/CVE-2024-6366
• https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e
• CWE-862: Missing Authorization
CVE-2024-6487 – Inline Related Posts < 3.8.0 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6487
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
The Inline Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-5882 – Ultimate Classified Listings < 1.3 - Unauthenticated LFI
https://notcve.org/view.php?id=CVE-2024-5882
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters, allowing unauthenticated users to access PHP files on the server from the listings page.
The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3 via the 'ucl_page' and 'layout' parameters. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
• https://wpscan.com/vulnerability/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4483 – Email Encoder < 2.2.2 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4483
The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to Stored Cross-Site Scripting.
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'WP_Email_Encoder_Bundle_options[protection_text]' parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
• https://wpscan.com/vulnerability/8f2ac76c-f3f8-41f9-a32a-f414825cf6f1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')