CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4746 – WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-4746
10 Jun 2024 — Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16. Vulnerabilidad de autorización faltante en Netgsm. Este problema afecta a Netgsm: desde n/a hasta 2.9.16. • https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35672 – WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35672
10 May 2024 — Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19. Vulnerabilidad de autorización faltante en Netgsm. Este problema afecta a Netgsm: desde n/a hasta 2.9.16. The Netgsm plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.9.32. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-9-16-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32544 – WordPress Netgsm plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32544
15 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Netgsm allows Reflected XSS.This issue affects Netgsm: from n/a through 2.8. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Netgsm permite Reflected XSS. Este problema afecta a Netgsm: desde n/a hasta 2.8. The Netgsm plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8 due... • https://patchstack.com/database/vulnerability/netgsm/wordpress-netgsm-plugin-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •