CVE-2024-10786 – Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing
https://notcve.org/view.php?id=CVE-2024-10786
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches. • https://plugins.trac.wordpress.org/browser/simple-local-avatars/tags/2.7.11/includes/class-simple-local-avatars.php#L1374 https://plugins.trac.wordpress.org/changeset/3186674/simple-local-avatars/tags/2.8.0/includes/class-simple-local-avatars.php https://www.wordfence.com/threat-intel/vulnerabilities/id/e2619d50-e295-4e13-91d4-f998b8aa5be4?source=cve • CWE-862: Missing Authorization •
CVE-2024-35684 – WordPress ElasticPress plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35684
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en 10up ElasticPress. Este problema afecta a ElasticPress: desde n/a hasta 5.1.0. The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the do_sync function. • https://patchstack.com/database/vulnerability/elasticpress/wordpress-elasticpress-plugin-5-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-1613 – Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing
https://notcve.org/view.php?id=CVE-2022-1613
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. El plugin Restricted Site Access de WordPress versiones anteriores a 7.3.2, prioriza la obtención de la IP de un visitante a partir de determinados encabezados HTTP sobre REMOTE_ADDR de PHP, lo que hace posible saltarse las limitaciones basadas en la IP en determinadas situaciones. The Restricted Site Access plugin for WordPress is vulnerable to IP Spoofing in versions up to, and including, 7.3.1 due to prioritizing getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR. This makes it possible to bypass IP-based limitations in certain situations. • https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2022-1091 – Safe SVG < 1.9.10 - SVG Sanitisation Bypass
https://notcve.org/view.php?id=CVE-2022-1091
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks). El paso de saneo del plugin Safe SVG de WordPress versiones anteriores a 1.9.10, puede ser omitido al suplantar el tipo de contenido en la petición POST para subir un archivo. Explotando esta vulnerabilidad, un atacante podrá llevar a cabo los tipos de ataques que este plugin debería prevenir (principalmente de tipo XSS, pero dependiendo del uso posterior de los archivos SVG subidos, potencialmente otros ataques XML) • https://github.com/10up/safe-svg/pull/28 https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-4405 – ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El plugin ElasticPress para WordPress es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF) en versiones hasta la 3.5.3 inclusive. Esto es debido a la falta o incorrecta validación nonce en la función "epio_send_autosuggest_allowed()". • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4 https://blo • CWE-352: Cross-Site Request Forgery (CSRF) •