CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43117 – WordPress Hummingbird plugin <= 3.9.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43117
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. The Hummingbird plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.1. This is due to missing or incorrect nonce validation on the on_load and maybe_clear_all_cache functions. This makes it possible for unauthenticated attackers to update settings and clear cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43118 – Hummingbird <= 3.9.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-43118
The Hummingbird plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clear_module_cache() function in versions up to, and including, 3.9.1. This makes it possible for authenticated attackers, with contributor-level access and above, to clear module cache. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32792 – WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32792
Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3. Vulnerabilidad de autorización faltante en WPMU DEV Hummingbird. Este problema afecta a Hummingbird: desde n/a hasta 3.7.3. The Hummingbird plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /admin/class-ajax.php file in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to perform unauthorized actions like clearing cache. • https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •