CVE-2024-31285 – WordPress WordPress Tooltips plugin <= 9.5.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31285
Cross-Site Request Forgery (CSRF) vulnerability in Tooltip WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 9.5.3. La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Tooltip WordPress Tooltips permite almacenar XSS. Este problema afecta a la información sobre herramientas de WordPress: desde n/a hasta 9.5.3. The WordPress Tooltips plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.4.9. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-31290 – WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-31290
Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1. Vulnerabilidad de gestión de privilegios incorrecta en CodeRevolution Demo My WordPress permite la escalada de privilegios. Este problema afecta a Demo My WordPress: desde n/a hasta 1.0.9.1. The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insufficient verification on privilege assignment. • https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2024-31210 – PHP file upload bypass via Plugin installer
https://notcve.org/view.php?id=CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. • https://github.com/Abo5/CVE-2024-31210 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-5692 – WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
https://notcve.org/view.php?id=CVE-2023-5692
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'. WordPress Core es vulnerable a la exposición de información confidencial en versiones hasta la 6.4.3 incluida a través de la función redirect_guess_404_permalink. Esto puede permitir a atacantes no autenticados exponer el slug de una publicación personalizada cuyo estado de publicación 'publicly_queryable' se ha establecido en 'falso'. • https://core.trac.wordpress.org/changeset/57645 https://developer.wordpress.org/reference/functions/is_post_publicly_viewable https://developer.wordpress.org/reference/functions/is_post_type_viewable https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763 https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-30243 – WordPress Tooltips plugin < 9.4.5 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30243
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips.This issue affects WordPress Tooltips: from n/a before 9.4.5. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Tomas WordPress Tooltips. Este problema afecta la información sobre herramientas de WordPress: desde n/a antes de 9.4.5. The WordPress Tooltips plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 9.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://patchstack.com/database/vulnerability/wordpress-tooltips/wordpress-wordpress-tooltips-plugin-9-4-5-contributor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •