CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1232 – CM Download Manager < 2.9.0 - Download Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-1232
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack El complemento CM Download Manager de WordPress anterior a 2.9.0 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los administradores registrados eliminen las descargas mediante un ataque CSRF. The CM Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.9.0. This is due to missing or incorrect nonce validation on the 'delHeader' function. This makes it possible for unauthenticated attackers to delete downloads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1846 – Responsive Tabs < 4.0.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1846
The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Responsive Tabs para WordPress anterior a 4.0.7 no valida ni escapa algunos de sus atributos de código corto antes de devolverlos a una página/publicación donde está incrustado el código corto, lo que podría permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7201 – Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-7201
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) El complemento Everest Backup de WordPress anterior a 2.2.5 no valida correctamente la carga de los archivos de copia de seguridad, lo que permite a usuarios con privilegios elevados, como el administrador, cargar archivos arbitrarios en el servidor incluso cuando no se les debería permitir (por ejemplo, en una configuración multisitio). The Everest Backup plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the backup file upload functionality in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/64ba4461-bbba-45eb-981f-bb5f2e5e56e1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1204 – Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
https://notcve.org/view.php?id=CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. El complemento Meta Box de WordPress anterior a 5.9.4 no impide que los usuarios con al menos el rol de colaborador accedan a campos personalizados arbitrarios asignados a las publicaciones de otros usuarios. The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 5.9.3. This is due to the plugin not properly restricting the post meta that can be displayed through the 'rwmb_meta' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve arbitrary post meta information. • https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2858 – Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-2858
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks El complemento Simple Buttons Creator de WordPress hasta la versión 1.04 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los usuarios que han iniciado sesión realicen acciones no deseadas a través de ataques CSRF. The Simple Buttons Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.04. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary buttons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://github.com/Alaatk/CVE-2024-28589 https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a • CWE-352: Cross-Site Request Forgery (CSRF) •