CVE-2024-4756 – WP Backpack <= 2.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4756
The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

The WP Backpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

• https://wpscan.com/vulnerability/ce4688b6-6713-43b5-aa63-8a3b036bd332
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-2697 – Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2024-2697
The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.

The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to 2024.0.0 (exclusive) due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://wpscan.com/vulnerability/c430b30d-61db-45f5-8499-91b491503b9c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-4750 – BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
https://notcve.org/view.php?id=CVE-2024-4750
The buddyboss-platform WordPress plugin before 2.6.0 contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request.

The Buddyboss Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.91 via the activity_mark_fav AJAX action due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to like private posts.

• https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea
• CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-4857 – FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2024-4857
The FS Product Inquiry WordPress plugin through 1.1.1 does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

The FS Product Inquiry plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://wpscan.com/vulnerability/bf1b8434-b361-4666-9058-d9f08c09d083
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-0757 – Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
https://notcve.org/view.php?id=CVE-2024-0757
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 does not properly filter which file extensions are allowed to be imported on the server, allowing malicious code to be uploaded within zip files.

The Insert or Embed Articulate Content into WordPress plugin for WordPress is vulnerable to arbitrary file uploads through insecure file uploads in a zip archive in all versions up to, and including, 4.3000000023. This makes it possible for unauthenticated attackers to upload zip files containing phar files on the affected site's server which may make remote code execution possible.

• https://github.com/hunThubSpace/CVE-2024-0757-Exploit
• https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836
• CWE-434: Unrestricted Upload of File with Dangerous Type