CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2386 – Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2386
The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin Crowdsignal Dashboard de WordPress versiones anteriores a 3.0.8, no sanea y escapa de un parámetro antes de devolverlo a la página, lo que conlleva a un ataque de tipo Cross-Site Scripting Reflejado The Crowdsignal Dashboard – Polls, Surveys & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mediaType' parameter in versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/47855d4b-9f6a-4fc7-b231-4337f51c8886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20086 – VaultPress Plugin code injection
https://notcve.org/view.php?id=CVE-2017-20086
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. Se ha encontrado una vulnerabilidad, clasificada como crítica, en el plugin VaultPress versión 1.8.4. • http://seclists.org/fulldisclosure/2017/Feb/95 https://vuldb.com/?id.97383 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 10%CPEs: 31EXPL: 2CVE-2021-32789 – Arbitrary SQL (SQL injection) possible via the Store API component.
https://notcve.org/view.php?id=CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. • https://github.com/and0x00/CVE-2021-32789 https://github.com/DonVorrin/CVE-2021-32789 https://github.com/woocommerce/woocommerce-gutenberg-products-block-ghsa-6hq4-w6wv-8wrp/pull/1 https://github.com/woocommerce/woocommerce-gutenberg-products-block/security/advisories/GHSA-6hq4-w6wv-8wrp https://hackerone.com/reports/1260787 https://woocommerce.com/posts/critical-vulnerability-detected-july-2021 https://wooengineering.wordpress.com/2021/07/14/incident-report-sql-injection-via-store-api • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24374 – Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak
https://notcve.org/view.php?id=CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. El módulo Jetpack Carousel del plugin JetPack de WordPress versiones anteriores a 9.8, permite a usuarios crear una galería de imágenes de tipo "carousel" y permite a usuarios comentar las imágenes. Se encontró una vulnerabilidad de seguridad en el módulo Jetpack Carousel por la función nguyenhg_vcs que permitía filtrar los comentarios de las páginas/posts no publicados • https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24312 – WP Super Cache < 1.7.3 - Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-24312
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. Los parámetros $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages usados en la configuración del plugin WP Super Cache de WordPress versiones anteriores a 1.7.3 resultan en RCE porque permiten la entrada de "$" y "\n". Esto es debido a una corrección incompleta de CVE-2021-24209 • https://wpscan.com/vulnerability/2142c3d3-9a7f-4e3c-8776-d469a355d62f • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •