CVE-2024-0629 – 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
https://notcve.org/view.php?id=CVE-2024-0629
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to orders and mark them as paid. • https://wordpress.org/plugins/woocommerce-2checkout-payment https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=cve • CWE-862: Missing Authorization •
CVE-2024-0829 – Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-0829
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several AJAX actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings. • https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve • CWE-862: Missing Authorization •
CVE-2024-0830 – Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-0830
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings. • https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-25903 – WordPress Frontend File Manager Plugin plugin <= 22.7 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-25903
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7. The Frontend File Manager Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 22.7 via the user upload functionality. This makes it possible for unauthenticated attackers to access user-uploaded files. • https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-15042 – Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-15042
The Frontend File Manager (versions < 4.0) and N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://wordpress.org/plugins/nmedia-user-file-uploader/#developers https://wpscan.com/vulnerability/052f7d9a-aaff-4fb1-92b7-aeb83cc705a7 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-n-media-post-front-end-form-arbitrary-file-upload-1-0 https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-front-end-file-upload-and-manager-plugin https://www.pluginvulnerabilities.com/2016/09/19/arbitrary-file-upload-vulnerability-in-n-media-post-front-end-form https://www.wordf • CWE-434: Unrestricted Upload of File with Dangerous Type •