CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2093 – WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-2093
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin WP Duplicate Page de WordPress versiones anteriores a 1.3 no sanea y escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24385 – Filebird 4.7.3 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24385
The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the get_col function and it allows SQL injection. The Rest API endpoint which invokes this function also does not have any required permissions/authentication and can be accessed by an anonymous user. El plugin Filebird versión 4.7.3, introdujo una vulnerabilidad de inyección SQL, ya que realiza consultas SQL sin escapar los datos de entrada del usuario desde una petición de publicación HTTP. Se trata de una vulnerabilidad importante ya que la entrada del usuario no se escapa y se pasa directamente a la función get_col y permite una inyección SQL. • https://10up.com/blog/2021/security-vulnerability-filebird-wordpress-plugin https://wpscan.com/vulnerability/754ac750-0262-4f65-b23e-d5523995fbfa • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24142 – Video Downloader for TikTok < 1.4 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2020-24142
Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hosts and execute command on services Una vulnerabilidad de tipo Server-side request forgery en el plugin Video Downloader para TikTok (también se conoce como downloader-tiktok) versión 1.3 para WordPress, permite a un atacante enviar peticiones diseñadas desde el servidor back-end de una aplicación web vulnerable por medio del parámetro njt-tk-download-video. Puede ayudar a identificar puertos abiertos, hosts de la red local y ejecutar comandos en los servicios • https://github.com/secwx/research/blob/main/cve/CVE-2020-24142.md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24143 – Video Downloader for TikTok < 1.4 - Directory Traversal
https://notcve.org/view.php?id=CVE-2020-24143
Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. Un salto de Directorio en el plugin Video Downloader para TikTok (también se conoce como downloader-tiktok) versión 1.3 para WordPress, permite a un atacante acceder a archivos almacenados fuera de la carpeta root de la web por medio del parámetro njt-tk-download-video • https://github.com/secwx/research/blob/main/cve/CVE-2020-24143.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36718 – GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-36718
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object. • https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability https://plugins.trac.wordpress.org/changeset/2408938 https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance https://wordpress.org/plugins/ninja-gdpr-compliance/#developers https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395 https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve • CWE-502: Deserialization of Untrusted Data •