CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22301 – WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22301
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6. Vulnerabilidad de exposición de información confidencial a un actor no autorizado en Ignazio Scimone Albo Pretorio On line. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6. The Albo Pretorio On line plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-276: Incorrect Default Permissions •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32109 – WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32109
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-3-reflected-cross-site-scripting-xss-vulnerability-2?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32108 – WordPress Albo Pretorio Online Plugin <= 4.6.3 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32108
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. The Albo Pretorio Online plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •