CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3194 – Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-3194
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. El complemento Dokan WordPress anterior a 3.6.4 permite a los proveedores inyectar javascript arbitrario en reseñas de productos, lo que puede permitirles ejecutar ataques de XSS almacenado contra otros usuarios, como administradores de sitios. The Dokan plugin for WordPress is vulnerable to Stored Cross-Site Scripting via product reviews in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with vendor permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was the result of the plugin enabling unfiltered_html capabilities for this user role. • https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 4CVE-2021-25076 – WP User Frontend < 3.5.26 - SQL Injection to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25076
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting El plugin WP User Frontend de WordPress versiones anteriores a 3.5.26, no comprueba ni escapa del parámetro status antes de usarlo en una sentencia SQL en el panel de control de los suscriptores, conllevando a una inyección SQL. Debido a una falta de saneo y escape, esto también podría conllevar a un problema de tipo Cross-Site Scripting Reflejado WordPress WP User Frontend plugin version 3.5.25 suffers from an authenticated remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/50772 https://github.com/0xAbbarhSF/CVE-2021-25076 http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html https://plugins.trac.wordpress.org/changeset/2648715 https://wpscan.com/vulnerability/6d3eeba6-5560-4380-a6e9-f008a9112ac6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36826 – WordPress WP Project Manager plugin <= 2.4.13 - Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36826
Authenticated (subscriber or higher user role if allowed to access projects) Stored Cross-Site Scripting (XSS) vulnerability in weDevs WP Project Manager plugin <= 2.4.13 versions. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenada y Autenticada (rol de suscriptor o usuario superior si le es permitido acceder a proyectos) en versiones anteriores a 2.4.13 incluyéndola, de weDevs WP Project Manager (plugin de WordPress) The WP Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.13 due to insufficient input sanitization and output escaping. This makes it possible for Subscriber-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/wedevs-project-manager/wordpress-wp-project-manager-plugin-2-4-13-stored-cross-site-scripting-xss-vulnerability-1?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2021-24292 – Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24292
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “title_tag” parameter. Although the element control lists a fixed set of possible html tags, it is possible to send a ‘save_builder’ request with the “heading_tag” set to “script”, and the actual “title” parameter set to JavaScript to be executed within the script tags added by the “heading_tag” parameter. El plugin Happy Addons para Elementor WordPress versiones anteriores a 2.24.0, el plugin Happy Addons Pro para Elementor WordPress versiones anteriores a 1.17.0, presentan una serie de widgets que son vulnerables a un ataque de tipo Cross-Site Scripting (XSS) almacenado por usuarios pocos privilegiados, como contribuyentes, todos por medio de un método similar: el widget "Card" acepta un parámetro "title_tag". Aunque el control de elementos enumera un conjunto fijo de posibles etiquetas html, es posible enviar una petición "save_builder" con el "header_tag" ajustado en "script" y el parámetro "title" real ajustado en JavaScript para que sea ejecutado dentro del script. etiquetas agregadas por el parámetro "header_tag" • https://wpscan.com/vulnerability/0f20e098-8106-451f-9448-d35a79f03077 https://www.wordfence.com/blog/2021/04/recent-patches-rock-the-elementor-ecosystem • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36735 – WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36735
The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4 https://blo • CWE-352: Cross-Site Request Forgery (CSRF) •