CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Register Captcha: from n/a through 1.0.02.

The Cartpauj Register Captcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.0.02. This makes it possible for unauthenticated attackers to bypass the Captcha Verification.

• https://patchstack.com/database/vulnerability/cartpauj-register-captcha/wordpress-cartpauj-register-captcha-plugin-1-0-02-captcha-bypass-vulnerability?_s_id=cve
• CWE-799: Improper Control of Interaction Frequency
• CWE-804: Guessable CAPTCHA

CVSS: 7.2 | EPSS: 0% | CPEs: 45 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

• http://osvdb.org/90432
• http://osvdb.org/90433
• http://secunia.com/advisories/52167
• http://secunia.com/secunia_research/2013-3
• http://www.securityfocus.com/bid/58059
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82187
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 45 | EXPL: 0

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

• http://osvdb.org/90434
• http://secunia.com/advisories/52167
• http://secunia.com/secunia_research/2013-4
• http://www.securityfocus.com/bid/58059
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82188
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 46 | EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.

• http://osvdb.org/96905
• http://secunia.com/advisories/47687
• http://secunia.com/secunia_research/2013-6
• http://www.securityfocus.com/bid/62133
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 | EPSS: 0% | CPEs: 44 | EXPL: 1

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.

• http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt
• http://plugins.trac.wordpress.org/changeset?reponame=&new=492859%40mingle-forum&old=487353%40mingle-forum
• http://wordpress.org/extend/plugins/mingle-forum/changelog
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72641
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')