CVE-2023-36381 – WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-36381
Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5. The Zippy plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.6.5 via deserialization of untrusted input in the vulnerable 'unzipPosts' function. This allows authenticated attackers with author-level permissions to inject a PHP Object.
• https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-3-php-object-injection-vulnerability?_s_id=cve
• CWE-502: Deserialization of Untrusted Data
CVE-2023-26533 – WordPress Zippy Plugin <= 1.6.1 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-26533
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.1. The Zippy plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.6.1 via the adminInit function. This can allow authenticated attackers with access to the post editor, such as contributors, to create an export that will contain sensitive author information, such as usernames and password hashes.
• https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-1-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-24802 – Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF
https://notcve.org/view.php?id=CVE-2021-24802
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor change taxonomy colors via a CSRF attack.
• https://wpscan.com/vulnerability/d92db61f-341c-4f3f-b962-326194ddbd1e
• CWE-352: Cross-Site Request Forgery (CSRF)