CVE-2021-24697 – Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24697
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.
• https://wpscan.com/vulnerability/ef9ae513-6c29-45c2-b5ae-4a06a217c499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24693 – Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail
https://notcve.org/view.php?id=CVE-2021-24693
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that the XSS is triggered even when the Download is in a review state, a contributor could make JavaScript code execute in the context of a reviewer such as an admin and make them create a rogue admin account or install a malicious plugin.
• https://wpscan.com/vulnerability/4bb559b7-8dde-4c90-a9a6-d8dcfbea53a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24799 – Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2021-24799
The Far Future Expiry Header WordPress plugin before 1.5 does not have a CSRF check when saving its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
• https://wpscan.com/vulnerability/6010ce4e-3e46-4cc1-96d8-560b30b605ed • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24734 – Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24734
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
• https://wpscan.com/vulnerability/fb007191-b008-4d19-b896-55fbee2a3cf7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24735 – Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
https://notcve.org/view.php?id=CVE-2021-24735
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged-in admin change the "Disable Simultaneous Play" setting via a CSRF attack.
• https://wpscan.com/vulnerability/dcbcf6e7-e5b3-498b-9f5e-7896d309441f • CWE-352: Cross-Site Request Forgery (CSRF)