CVE-2024-3815 – Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
https://notcve.org/view.php?id=CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El tema Newspaper para WordPress es vulnerable a Cross-Site Scripting Almacenado a través de metadatos adjuntos en la página de archivo en todas las versiones hasta la 12.6.5 incluida debido a una sanitización de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso a nivel de autor y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://themeforest.net/item/newspaper/5489609 https://www.wordfence.com/threat-intel/vulnerabilities/id/6f0a332f-b761-44b3-86e8-82411455ba3e?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-3477 – tagDiv Composer < 3.5 - Unauthenticated Account Takeover
https://notcve.org/view.php?id=CVE-2022-3477
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address El complemento de WordPress tagDiv Composer anterior a 3.5, requerido por el tema Newspaper WordPress anterior a 12.1 y el tema Newsmag de WordPress anterior a 5.2.2, no implementa correctamente la función de inicio de sesión de Facebook, lo que permite a atacantes no autenticados iniciar sesión como cualquier usuario con solo conocer su dirección de correo electrónico. The tagDiv Composer plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, but not including, 3.5 due to improper implementation of the Facebook login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. This plugin is used in several themes such as Newspaper and Newsmag. • https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2022-2167 – Newspaper < 12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2167
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting El tema Newspaper WordPress anterior a la 12 no sanitiza un parámetro antes de devolverlo a un atributo HTML a través de una acción AJAX, lo que genera Reflected Cross-Site Scripting. The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/ad35fbae-1e90-47a0-b1d2-f8d91a5db90e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-2627 – Newspaper < 12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2627
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. El tema Newspaper WordPress anterior a la 12 no sanitiza un parámetro antes de devolverlo a un atributo HTML a través de una acción AJAX, lo que genera Reflected Cross-Site Scripting. The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15981 – Newspaper 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-15981
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Responsive Newspaper Magazine & Blog CMS 1.0 permite que se produzca inyección SQL mediante el parámetro id en admin/admin_process.php para la edición de formularios. Newspaper Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/43078 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •