CVE-2024-5059 – WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-5059
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking. This issue affects Event Management Tickets Booking: from n/a through 1.4.0.

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

• https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-4-0-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-35722 – WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35722
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow. This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the _ajax_slide_responsive and _sr_save_settings functions in versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings.

• https://patchstack.com/database/vulnerability/slider-responsive-slideshow/wordpress-slider-responsive-slideshow-image-slider-gallery-slideshow-plugin-1-4-0-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-35721 – WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35721
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.

The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the _ajax_image_gallery and _ig_save_settings functions in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings.

• https://patchstack.com/database/vulnerability/new-image-gallery/wordpress-image-gallery-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2023-47525 – WordPress Event Management Tickets Booking Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-47525
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-5291 – Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

• https://plugins.trac.wordpress.org/browser/blog-filter/tags/1.5.3/blog-filter-output.php#L128
• https://plugins.trac.wordpress.org/changeset/2974261/blog-filter#file54
• https://www.wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')