CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.

• https://wordpress.org/plugins/wordpress-database-reset/#developers
• https://wpvulndb.com/vulnerabilities/10028
• https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin
• CWE-269: Improper Privilege Management

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.

• https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers
• https://wpvulndb.com/vulnerabilities/10009
• https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin
• CWE-276: Incorrect Default Permissions
• CWE-862: Missing Authorization

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.

• https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers
• https://wpvulndb.com/vulnerabilities/10007
• https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.

• https://wpvulndb.com/vulnerabilities/9979
• https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-732: Incorrect Permission Assignment for Critical Resource
• CWE-862: Missing Authorization

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).

• https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers
• https://wpvulndb.com/vulnerabilities/10008
• https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin
• CWE-862: Missing Authorization