CVE-2023-2548 – RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
https://notcve.org/view.php?id=CVE-2023-2548
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in a multisite setup.
• https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/tags/5.2.0.5/includes/class_rm_utilities.php#L3044
• https://www.wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeb-0510794b7e3f?source=cve
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2023-0889 – TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
https://notcve.org/view.php?id=CVE-2023-0889
The Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF checks in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated user, such as a subscriber, to update arbitrary blog options, such as enabling registration and setting the default role to administrator. The Themeflection Numbers plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the tf_numb_save_licenses function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. Version 2.0.0 introduced a partial patch which prevented privilege escalation but still potentially allowed data modification.
• https://wpscan.com/vulnerability/c39473a7-47fc-4bce-99ad-28d03f41e74e
• CWE-862: Missing Authorization
CVE-2023-0940 – ProfileGrid < 5.3.1 - Subscriber+ Arbitrary Password Reset
https://notcve.org/view.php?id=CVE-2023-0940
The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as a subscriber, to change the password of any account, including Administrator ones. The ProfileGrid plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the pm_reset_user_password function in versions up to, and including, 5.3.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to change the passwords of any user.
• https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5
• CWE-862: Missing Authorization
• CWE-863: Incorrect Authorization
CVE-2023-25991 – WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25991
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.9.2. This is due to missing or incorrect nonce validation on the 'remove' function inside the 'class_rm_form_controller.php' file. This makes it possible for unauthenticated attackers to remove certain form metadata via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-multiple-cross-site-request-forgery-csrf?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-41791 – WordPress ProfileGrid plugin <= 5.1.6 - Auth. CSV Injection vulnerability
https://notcve.org/view.php?id=CVE-2022-41791
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. Authenticated (subscriber permissions or higher) CSV injection vulnerability in the ProfileGrid plugin on WordPress in versions <= 5.1.6. The ProfileGrid plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 5.1.6, via the 'pm_get_csv_single_user_row' function. This allows subscriber-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
• https://patchstack.com/database/vulnerability/profilegrid-user-profiles-groups-and-communities/wordpress-profilegrid-plugin-5-1-6-csv-injection-vulnerability?_s_id=cve
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File