CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32681 – WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32681
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. Vulnerabilidad de autorización faltante en BdThemes Prime Slider – Addons For Elementor. Este problema afecta a Prime Slider – Complementos para Elementor: desde n/a hasta 3.13.2. The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dci_sdk_insights, dci_sdk_dismiss_notice, and rc_sdk_dismiss_notice functions in versions up to, and including, 3.13.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices. • https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32682 – WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32682
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. Vulnerabilidad de autorización faltante en BdThemes Prime Slider – Addons For Elementor. Este problema afecta a Prime Slider – Complementos para Elementor: desde n/a hasta 3.13.2. The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the dismiss() function in versions up to, and including, 3.13.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices. • https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-2-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30186 – WordPress Prime Slider plugin <= 3.13.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30186
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Slider – Addons For Elementor allows Stored XSS.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.1. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en BdThemes Prime Slider – Addons For Elementor permite XSS almacenado. Este problema afecta a Prime Slider – Addons For Elementor: desde n/a hasta 3.13.1. The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title tag in versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-13-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24883 – WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability
https://notcve.org/view.php?id=CVE-2024-24883
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10. Vulnerabilidad de autorización faltante en BdThemes Prime Slider – Addons For Elementor. Este problema afecta a Prime Slider – Complementos para Elementor: desde n/a hasta 3.11.10. The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bdt_duplicate_as_draft() function in versions up to, and including, 3.11.10. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate posts that may be private or password protected and view the contents. • https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-11-10-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •