CVSS: 3.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10527 – Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure
https://notcve.org/view.php?id=CVE-2024-10527
06 Jan 2025 — The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. El complemento Spacer para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificación de capacidad faltante en la función motech_spacer_callback() en todas las... • https://plugins.trac.wordpress.org/browser/spacer/tags/3.0.7/index.php#L85 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5880 – Hide My Site <= 2.2 - Unauthenticated Information Exposure
https://notcve.org/view.php?id=CVE-2024-5880
20 Aug 2024 — The Hide My Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 due to the plugin not restricting access to the REST API when password protection is enabled. This makes it possible for unauthenticated attackers to gain unauthorized access to the site. • https://wordpress.org/plugins/hide-my-site • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3618 – Spacer < 3.0.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-3618
27 Oct 2022 — The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). El complemento Spacer de WordPress anterior a 3.0.7 no sanitiza y escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de cross site scripting a... • https://wpscan.com/vulnerability/2011dc7b-8e8c-4190-ab34-de288e14685b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •