CVE-2024-33925 – WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33925
Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts. This issue affects Embed Google Fonts: from n/a through 3.1.0. The Embed Google Fonts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.
• https://patchstack.com/database/vulnerability/embed-google-fonts/wordpress-embed-google-fonts-plugin-3-1-0-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-33640 – WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33640
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS. This issue affects Pretty Google Calendar: from n/a through 1.7.2. The Pretty Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/pretty-google-calendar/wordpress-pretty-google-calendar-plugin-1-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-32777 – WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32777
Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint. This issue affects BizPrint: from n/a through 4.3.39. The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview() function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates.
• https://patchstack.com/database/vulnerability/print-google-cloud-print-gcp-woocommerce/wordpress-bizprint-plugin-4-3-39-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-32775 – WordPress Embed Google Photos album plugin <= 2.1.9 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32775
Server-Side Request Forgery (SSRF) vulnerability in Pavex Embed Google Photos album. This issue affects Embed Google Photos album: from n/a through 2.1.9. The Embed Google Photos album plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.0 via the Pavex_embed_google_photos_album class. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
• https://patchstack.com/database/vulnerability/embed-google-photos-album-easily/wordpress-embed-google-photos-album-plugin-2-1-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2024-32813 – WordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32813
Missing Authorization vulnerability in SoftLab Integrate Google Drive. This issue affects Integrate Google Drive: from n/a through 1.3.9. The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to perform unauthorized actions.
• https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-9-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization