CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2697 – Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2024-2697
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento de WordPress socialdriver-framework anterior a 2024.0.0 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a la página, lo que podría permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de Cross-Site Scripting almacenado que podrían ser utilizados contra usuarios con privilegios elevados, como administradores. The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to 2024.0.0 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4750 – BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
https://notcve.org/view.php?id=CVE-2024-4750
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request El complemento buddyboss-platform de WordPress anterior a 2.6.0 contiene una vulnerabilidad IDOR que permite a un usuario darle me gusta a una publicación privada manipulando la identificación incluida en la solicitud. The Buddyboss Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.91 via the activity_mark_fav AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to like private posts. • https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4857 – FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2024-4857
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks El complemento FS Product Inquiry de WordPress hasta la versión 1.1.1 no sanitiza ni escapa a algunos envíos de formularios, lo que podría permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting Almacenado. The FS Product Inquiry plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/bf1b8434-b361-4666-9058-d9f08c09d083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-0757 – Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
https://notcve.org/view.php?id=CVE-2024-0757
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files El complemento Insert or Embed Articulate Content en WordPress hasta 4.3000000023 no filtra correctamente qué extensiones de archivo pueden importarse en el servidor, lo que permite cargar código malicioso dentro de archivos zip. The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible. • https://github.com/hunThubSpace/CVE-2024-0757-Exploit https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4057
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.37 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Gutenberg Blocks with AI by Kadence WP WordPress anterior a 3.2.37 no valida ni escapa algunos de sus atributos de bloque antes de devolverlos a una página/publicación donde está incrustado el bloque, lo que podría permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting almacenado The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fileUrl attribute in versions up to, and including 3.2.36, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •