CVE-2021-39329 – JobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-39329
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
• https://github.com/BigTiger2020/word-press/blob/main/JobBoardWP%20%E2%80%93%20Job%20Board%20Listings%20and%20Submissions.md https://plugins.trac.wordpress.org/browser/jobboardwp/trunk/includes/admin/class-metabox.php#L165 https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39329
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24306 – Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged in user open a malicious link.
• https://wpscan.com/vulnerability/35516555-c50c-486a-886c-df49c9e51e2c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36170 – Ultimate Member <= 2.1.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-36170
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms.
• https://wordpress.org/plugins/ultimate-member/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36156 – Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update
https://notcve.org/view.php?id=CVE-2020-36156
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.
• https://wordpress.org/plugins/ultimate-member/#developers https://wpscan.com/vulnerability/dd4c4ece-7206-4788-8747-f0c0f3ab0a53 https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin
• CWE-269: Improper Privilege Management
CVE-2020-36157 – Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Roles
https://notcve.org/view.php?id=CVE-2020-36157
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges.
• https://wordpress.org/plugins/ultimate-member/#developers https://wpscan.com/vulnerability/33f059c5-58e5-44b9-bb27-793c3cedef3b https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin
• CWE-269: Improper Privilege Management