CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25615 – WordPress eRoom plugin <= 1.3.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cache Deletion
https://notcve.org/view.php?id=CVE-2022-25615
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en StylemixThemes eRoom - Zoom Meetings & Webinar (plugin de WordPress) versiones anteriores a 1.3.8 incluyéndola, permite una eliminación de la caché • https://patchstack.com/database/vulnerability/eroom-zoom-meetings-webinar/wordpress-eroom-plugin-1-3-8-cross-site-request-forgery-csrf-vulnerability-leading-to-cache-deletion https://wordpress.org/plugins/eroom-zoom-meetings-webinar/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25614 – WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability
https://notcve.org/view.php?id=CVE-2022-25614
Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom - Zoom Meetings & Webinar (WordPress plugin) versiones anteriores a 1.3.7 incluyéndola, permite a un atacante sincronizar con Zoom Meetings • https://patchstack.com/database/vulnerability/eroom-zoom-meetings-webinar/wordpress-eroom-plugin-1-3-7-cross-site-request-forgery-csrf-leading-to-sync-with-zoom-meetings-vulnerability https://wordpress.org/plugins/eroom-zoom-meetings-webinar/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 20%CPEs: 1EXPL: 5CVE-2022-0441 – MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation
https://notcve.org/view.php?id=CVE-2022-0441
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin El plugin MasterStudy LMS de WordPress versiones anteriores a 2.7.6, no comprueba algunos parámetros dados cuando es registrada una nueva cuenta, permitiendo a usuarios no autenticados registrarse como administradores MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege escalation where an unauthenticated user is able to create an administrator account for wordpress itself. • https://www.exploit-db.com/exploits/50752 https://github.com/biulove0x/CVE-2022-0441 https://github.com/tegal1337/CVE-2022-0441 https://github.com/kyukazamiqq/CVE-2022-0441 https://plugins.trac.wordpress.org/changeset/2667195 https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4340 – uListing <= 1.6.6 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-4340
The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36879 – WordPress uListing plugin <= 2.0.5 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2021-36879
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. Una vulnerabilidad de Escalada de Privilegios no autenticada en el plugin uListing de WordPress (versiones anteriores a 2.0.5 incluyéndola). Es posible si la configuración de WordPress permite un registro de usuarios • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-unauthenticated-privilege-escalation-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •