CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24329 – WP Super Cache < 1.7.3 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24329
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. El plugin WP Super Cache WordPress versiones anteriores a 1.7.3, no saneababa apropiadamente su parámetro wp_cache_location en su configuración, lo que podría conllevar a no saneababa correctamenteun problema de tipo Cross-Site Scripting almacenados The Twitter Bootstrap Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_cache_location' parameter in versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://m0ze.ru/vulnerability/%5B2021-03-23%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Super-Cache-WordPress-Plugin-v1.7.2.txt https://wpscan.com/vulnerability/9df86d05-1408-4c22-af55-5e3d44249fd0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24209 – WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2021-24209
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. El plugin WordPress WP Super Cache versiones anteriores a 1.7.2, estuvo afectado por una RCE autenticado (admin+) en la página de configuración debido a una falta de comprobación de entrada y una comprobación débil de $cache_path en la opción WP Super Cache Settings-) Cache Location. El acceso directo al archivo wp-cache-config.php no está prohibido, por lo que esta vulnerabilidad puede ser explotada para una inyección de shell web • https://plugins.trac.wordpress.org/changeset/2496238/wp-super-cache https://wpscan.com/vulnerability/733d8a02-0d44-4b78-bbb2-37e447acd2f3 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8215
https://notcve.org/view.php?id=CVE-2020-8215
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. Un desbordamiento de búfer está presente en canvas versiones anteriores a 1.6.9 e incluyéndola, que podría conllevar a una Denegación de Servicio o ejecución de código arbitrario cuando procesa una imagen proporcionada por el usuario • https://hackerone.com/reports/315037 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17058 – WordPress Plugin WooCommerce 2.0/3.0 - Directory Traversal
https://notcve.org/view.php?id=CVE-2017-17058
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code ** EN DISPUTA ** El plugin WooCommerce hasta la versión 3.x para WordPress contiene una vulnerabilidad de salto de directorio mediante un URI /wp-content/plugins/woocommerce/templates/emails/plain/ que accede a un directorio principal. NOTA: un mantenedor de software indica que no es posible que se produzca un salto de directorio debido a que todos los archivos de template contienen código "if (!defined('ABSPATH')) {exit;}". • https://www.exploit-db.com/exploits/43196 https://github.com/fu2x2000/CVE-2017-17058-woo_exploit https://github.com/woocommerce/woocommerce/issues/17964 https://www.exploit-db.com/ghdb/4613 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-18356 – WooCommerce <= 3.2.3 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-18356
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes. En el plugin Automattic WooCommerce en versiones anteriores a la 3.2.4 para WordPress, es posible realizar un ataque tras obtener acceso al sitio objetivo con una cuenta de usuario que tiene, al menos, privilegios de gerente de tienda. El atacante construye una cadena especialmente manipulada que se convertirá en una inyección de objetos PHP relacionada con el uso de consultas en caché en códigos cortos en WC_Shortcode_Products::get_products(), en includes/shortcodes/class-wc-shortcode-products.php. • https://blog.ripstech.com/2018/woocommerce-php-object-injection https://woocommerce.wordpress.com/2017/11/16/woocommerce-3-2-4-security-fix-release-notes • CWE-94: Improper Control of Generation of Code ('Code Injection') •