CVE-2024-33538 – WordPress Assistant – Every Day Productivity Apps plugin <= 1.4.9.1 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-33538
25 Apr 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from n/a through 1.4.9.1. The Assistant – Every Day Producti... • https://patchstack.com/database/vulnerability/assistant/wordpress-assistant-every-day-productivity-apps-plugin-1-4-9-1-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-5798 – Assistant < 1.4.4 - Editor+ SSRF
https://notcve.org/view.php?id=CVE-2023-5798
27 Jul 2023 — The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks. The Assistant plugin for WordPress is vulnerable to Server-Side Request Forge... • https://wpscan.com/vulnerability/bbb4c98c-4dd7-421e-9666-98f15acde761 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2017-11160
https://notcve.org/view.php?id=CVE-2017-11160
18 Aug 2017 — Multiple untrusted search path vulnerabilities in the installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. • https://www.synology.com/en-global/support/security/Synology_SA_17_44_Synology_Assistant • CWE-426: Untrusted Search Path