CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2996 – Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
https://notcve.org/view.php?id=CVE-2023-2996
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. The Jetpack plugin for WordPress is vulnerable to arbitrary file manipulation in versions up to, and including, 12.1. This is due to insufficient validation on data being supplied to the media API endpoint. This makes it possible for authenticated attackers, with author-level permissions and above, to modify arbitrary files in the WordPress Installation. • https://jetpack.com/blog/jetpack-12-1-1-critical-security-update https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32747 – WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce WooCommerce Bookings. Este problema afecta a WooCommerce Bookings: desde n/a hasta 1.15.78. The WooCommerce Bookings plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 1.15.78. This is due to insufficient validation on a user controlled key. • https://patchstack.com/database/vulnerability/woocommerce-bookings/wordpress-woocommerce-bookings-plugin-1-15-78-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3342 – Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. • https://plugins.trac.wordpress.org/browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863 https://plugins.trac.wordpress.org/changeset/2805282/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php https://www.wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 92%CPEs: 9EXPL: 5CVE-2023-28121 – WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. The WooCommerce Payments plugin is vulnerable to authentication bypass via the determine_current_user_for_platform_checkout function. This allows unauthenticated attackers to impersonate arbitrary users and perform some actions as the impersonated user, which can lead to site takeover. WooCommerce-Payments plugin for Wordpress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. • https://github.com/gbrsh/CVE-2023-28121 https://github.com/im-hanzou/Mass-CVE-2023-28121 https://github.com/1337nemojj/CVE-2023-28121 https://github.com/Jenderal92/WP-CVE-2023-28121 https://github.com/rio128128/Mass-CVE-2023-28121-kdoec https://developer.woocommerce.com/2023/03/23/critical-vulnerability-detected-in-woocommerce-payments-what-you-need-to-know https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27429 – WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-27429
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 5.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/zero-bs-crm/wordpress-jetpack-crm-clients-leads-invoices-billing-email-marketing-automation-plugin-5-4-4-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •