CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode in versions up to, and including, 5.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://wpscan.com/vulnerability/3fa6c8b3-6b81-4fe3-b997-25c9e5fdec86
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

The Jetpack CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings in versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://wpscan.com/vulnerability/fe2f1d52-8421-4b46-b829-6953a0472dcb
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.

The Crowdsignal Dashboard plugin for WordPress is vulnerable to Authorization Bypass in versions up to, and including, 3.0.9. This is due to missing authorization checks on the settings page that made it possible for contributor-level attackers to load the ratings settings page and modify the settings.

• https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-dashboard-plugin-3-0-9-privilege-escalation-vulnerability?_s_id=cve
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-862: Missing Authorization

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers.

The Sensei LMS plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 4.4.3. This is due to missing permission checks on one of its REST endpoints and allows unauthenticated attackers to extract sensitive data including private messages sent to teachers.

• https://hackerone.com/reports/1590237
• https://wpscan.com/vulnerability/aba3dd58-7a8e-4129-add5-4dd5972c0426
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student.

The Sensei LMS plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 4.5.1. This is because the plugin does not properly authenticate individuals before they send emails through the system. This makes it possible for attackers to send emails to arbitrary users and impersonate other individuals.

• https://hackerone.com/reports/1592596
• https://wpscan.com/vulnerability/5395d196-a39a-4a58-913e-5b5b9d6123a5
• CWE-639: Authorization Bypass Through User-Controlled Key
• CWE-862: Missing Authorization