CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a https://freemius.com/blog/managing-security-issues-open-source-freemius-sdk-security-disclosure https://wpdirectory.net/search/01FWPVWA7BC5DYGZHNSZQ9QMN5 https://wpdirectory.net/search/01G02RSGMFS1TPT63FS16RWEYR https://web.archive.org/web/20220225174410/https%3A//www.pluginvulnerabilities.com/2022/02/25/our-security-review-of-wordpress-plugin-found-freemius-li • CWE-862: Missing Authorization •
CVE-2021-25050 – Remove Footer Credit < 1.0.11 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25050
The Remove Footer Credit WordPress plugin before 1.0.11 does properly sanitise its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. El plugin Remove Footer Credit de WordPress versiones anteriores a 1.0.11, no sanea correctamente sus parámetros, permitiendo a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado • https://plugins.trac.wordpress.org/changeset/2655918 https://wpscan.com/vulnerability/25a28adb-794f-4bdb-89e8-060296b45b38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24908 – Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24908
The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting El plugin Check & Log Email de WordPress versiones anteriores a 1.0.4, no escapa el parámetro d antes de devolverlo en un atributo, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/77f50129-4b1f-4e50-8321-9dd32deba6e1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23174 – WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-23174
Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. Se ha detectado una vulnerabilidad de tipo Cross-Site Scripting (XSS) persistente y autenticada (admin+) en el plugin Download Monitor de WordPress (versiones anteriores a 4.4.6 incluyéndola) Parámetros vulnerables: &post_title, &downloadable_file_version[0] • https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-persistent-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-31567 – WordPress Download Monitor plugin <= 4.4.6 - Authenticated Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2021-31567
Authenticated (admin+) Arbitrary File Download vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6). The plugin allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the &downloadable_file_urls[0] parameter data. It's also possible to escape from the web server home directory and download any file within the OS. Se ha detectado una vulnerabilidad de Descarga de Archivos Arbitrarios Autenticada (admin+) en el plugin Download Monitor de WordPress (versiones anteriores a 4.4.6 incluyéndola). El plugin permite descargar archivos arbitrarios, incluyendo archivos de configuración confidenciales como wp-config.php, por medio de los datos del parámetro &downloadable_file_urls[0]. • https://github.com/WPChill/download-monitor/blob/master/changelog.txt https://patchstack.com/database/vulnerability/download-monitor/wordpress-download-monitor-plugin-4-4-6-authenticated-arbitrary-file-download-vulnerability https://wordpress.org/plugins/download-monitor/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •