CVE-2024-37271 – WordPress Print My Blog plugin <= 3.27.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37271
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.0.
The Print My Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.27.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/print-my-blog/wordpress-print-my-blog-plugin-3-27-0-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33907 – WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33907
Missing Authorization vulnerability in Michael Nelson Print My Blog. This issue affects Print My Blog: from n/a through 3.26.2.
The Print My Blog – Print, PDF, & eBook Converter WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions like the saveProjectGenerate() function in all versions up to, and including, 3.26.2. This makes it possible for unauthenticated attackers to update projects.
• https://patchstack.com/database/vulnerability/print-my-blog/wordpress-print-my-blog-plugin-3-26-2-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2021-24636 – Print My Blog < 3.4.2 - Plugin Deactivation via CSRF
https://notcve.org/view.php?id=CVE-2021-24636
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged-in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link.
• https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-11565 – Print My Blog <= 1.6.6 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-11565
Server-Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter.
• http://dumpco.re/bugs/wp-plugin-print-my-blog-ssrf
• https://github.com/mnelson4/printmyblog/commit/8584a2839a541eb29fca64252e388c827af3ec21
• https://plugins.trac.wordpress.org/changeset?old_path=%2Fprint-my-blog%2Ftrunk&old=2075667&new_path=%2Fprint-my-blog%2Ftrunk&new=2075667
• https://wordpress.org/plugins/print-my-blog/#developers
• https://wpvulndb.com/vulnerabilities/9263
• CWE-918: Server-Side Request Forgery (SSRF)