CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41930
https://notcve.org/view.php?id=CVE-2024-41930
27 Sep 2024 — Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. Existe una vulnerabilidad de Cross-Site Scripting en MF Teacher Performance Management System version 6. Si se explota esta vulnerabilidad, se puede ejecutar una secuencia de comandos arbitraria en el navegador web del usuario que accedió al sitio web utilizando el pr... • https://jvn.jp/en/jp/JVN21176842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37962 – WordPress Fusion Page Builder plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37962
10 Jul 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. The Fusion plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that wi... • https://patchstack.com/database/wordpress/plugin/fusion/vulnerability/wordpress-fusion-page-builder-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32796 – WordPress WP Fusion Lite <= 3.42.10 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32796
22 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in Very Good Plugins WP Fusion Lite.This issue affects WP Fusion Lite: from n/a through 3.42.10. Inserción de información confidencial en la vulnerabilidad del archivo de registro en Very Good Plugins WP Fusion Lite. Este problema afecta a WP Fusion Lite: desde n/a hasta 3.42.10. The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, ... • https://patchstack.com/database/vulnerability/wp-fusion-lite/wordpress-wp-fusion-lite-3-42-10-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.9EPSS: 60%CPEs: 1EXPL: 1CVE-2024-27972 – WordPress WP Fusion Lite plugin <= 3.41.24 - Auth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-27972
13 Mar 2024 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Very Good Plugins WP Fusion Lite permite la inyección de comando. Este problema afecta a WP Fusion Lite: desde n/a hasta 3.41.24. The WP Fusion Lite – Marketing Automatio... • https://github.com/truonghuuphuc/CVE-2024-27972-Poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4480 – Arbitrary File Read in Fusion File Manager
https://notcve.org/view.php?id=CVE-2023-4480
05 Sep 2023 — Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation. Debido a una dependencia desactualizada en el componente "Fusion File Manager" accesible a través del pan... • https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2453 – Local file Inclusion (LFI) in Forum Infusion via Directory Traversal
https://notcve.org/view.php?id=CVE-2023-2453
05 Sep 2023 — There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload. La limpieza de nombres de archivo contaminados que se concatenan directamente con una ruta que posteriormente se pasa a una ... • https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39306 – WordPress Avada Builder plugin <= 3.11.1 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-39306
10 Aug 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en ThemeFusion Fusion Builder permite el XSS reflejado. Este problema afecta a Fusion Builder: desde n/a hasta 3.11.1. The Fusion Builder plugin for WordPress is vulnerable to Ref... • https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39309 – WordPress Avada Builder plugin <= 3.11.1 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2023-39309
10 Aug 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en ThemeFusion Fusion Builder. Este problema afecta a Fusion Builder: desde n/a hasta 3.11.1. The Fusion Builder plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to... • https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39310 – WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-39310
10 Aug 2023 — Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. Vulnerabilidad de autorización faltante en ThemeFusion Fusion Builder. Este problema afecta a Fusion Builder: desde n/a hasta 3.11.1. The Fusion Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 3.11.1. This makes it possible for authenticated attackers, with subsc... • https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-authenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39311 – WordPress Avada Builder plugin <= 3.11.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-39311
10 Aug 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ThemeFusion Fusion Builder. Este problema afecta a Fusion Builder: desde n/a hasta 3.11.1. The Fusion Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.11.1. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/fusion-builder/wordpress-avada-builder-plugin-3-11-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •