CVE-2022-0788 – WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi
https://notcve.org/view.php?id=CVE-2022-0788
11 May 2022 — The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users. • https://wpscan.com/vulnerability/fbc71710-123f-4c61-9796-a6a4fd354828 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1442 – Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2022-1442
23 Apr 2022 — The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. • https://github.com/RandomRobbieBF/CVE-2022-1442 • CWE-862: Missing Authorization
CVE-2021-24258 – ElementsKit and ElementsKit Pro < 2.2.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24258
13 Apr 2021 — The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. • https://wpscan.com/vulnerability/47b47b86-899b-4de3-8a3c-2d5d1774298f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')