CVE-2021-24451 – Export Users With Meta < 0.6.5 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24451
The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. • https://wpscan.com/vulnerability/40603382-404b-44a2-8212-f2008366891c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-27356 – Debug Meta Data <= 1.1.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-27356
The debug-meta-data plugin 1.1.2 for WordPress allows XSS. The Debug Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on a user's user-agent HTTP header value. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://github.com/ahmadawais/debug-meta-data/blob/master/changelog.md https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0009/MNDT-2021-0009.md https://wordpress.org/plugins/debug-meta-data/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9363
https://notcve.org/view.php?id=CVE-2014-9363
Open redirect vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. • https://www.drupal.org/node/2295975 https://www.drupal.org/node/2296511
CVE-2014-9362
https://notcve.org/view.php?id=CVE-2014-9362
Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a Path-based Metatag. • https://www.drupal.org/node/2295975 https://www.drupal.org/node/2296511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0665
https://notcve.org/view.php?id=CVE-2008-0665
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463907 http://secunia.com/advisories/28829 http://secunia.com/advisories/28856 http://secunia.com/advisories/29353 http://security.gentoo.org/glsa/glsa-200803-23.xml http://www.debian.org/security/2008/dsa-1492 http://www.mandriva.com/security/advisories?name=MDVSA-2008:076 http://www.securityfocus.com/bid/27685 • CWE-59: Improper Link Resolution Before File Access ('Link Following')