CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33542 – WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-33542
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Fabio Rinaldi Crelly Slider. Este problema afecta a Crelly Slider: desde n/a hasta 1.4.5. The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/crelly-slider/wordpress-crelly-slider-plugin-1-4-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15866 – Crelly Slider <= 1.3.4 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-15866
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider. El plugin crelly-slider en versiones anteriores a la 1.3.5 para WordPress tiene carga arbitraria de archivos mediante un archivo PHP dentro de un archivo ZIP wp_ajax_crellyslider_importSlider. • https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin https://wordpress.org/plugins/crelly-slider/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type •