
CVE-2024-31290 – WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-31290
05 Apr 2024 — Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insuff... • https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •

CVE-2024-31350 – WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31350
05 Apr 2024 — Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1. The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscrib... • https://patchstack.com/database/vulnerability/another-wordpress-classifieds-plugin/wordpress-awp-classifieds-plugin-4-3-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVE-2024-31210 – PHP file upload bypass via Plugin installer
https://notcve.org/view.php?id=CVE-2024-31210
04 Apr 2024 — WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporarily available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true`... • https://github.com/Abo5/CVE-2024-31210 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-5692 – WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
https://notcve.org/view.php?id=CVE-2023-5692
04 Apr 2024 — WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'. • https://core.trac.wordpress.org/changeset/57645 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-30243 – WordPress Tooltips plugin < 9.4.5 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30243
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips. This issue affects WordPress Tooltips: from n/a before 9.4.5. The WordPress Tooltips plugin for WordPress is vulnerable to SQL Injection in all v... • https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-22299 – WordPress FV Player plugin <= 7.5.41.7212 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-22299
26 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. • https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-29915 – WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29915
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. The Podlove Podcast Publis... • https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-29122 – WordPress FV Player plugin <= 7.5.41.7212 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29122
16 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. • https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-24837 – Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins
https://notcve.org/view.php?id=CVE-2024-24837
02 Feb 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. • https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-6783 – WolfNet IDX for WordPress <= 1.19.1 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6783
23 Jan 2024 — The WolfNet IDX for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has bee... • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •