CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7703 – ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.37 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload
https://notcve.org/view.php?id=CVE-2024-7703
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.37 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. • https://github.com/lfillaz/CVE-2024-7703 https://www.wordfence.com/threat-intel/vulnerabilities/id/7bd057d5-5350-43c9-abfc-34d8f6537d2e?source=cve https://plugins.trac.wordpress.org/browser/armember-membership/trunk/core/classes/class.arm_members_activity.php#L374 https://wordpress.org/plugins/armember-membership/#developers https://plugins.trac.wordpress.org/changeset/3136475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7350 – Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover
https://notcve.org/view.php?id=CVE-2024-7350
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to authentication bypass in versions 1.1.6 to 1.1.7. This is due to the plugin not properly verifying a user's identity prior to logging them in when completing a booking. This makes it possible for unauthenticated attackers to log in as registered users, including administrators, if they have access to that user's email. This is only exploitable when the 'Auto login user after successful booking' setting is enabled. El complemento Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress para WordPress es vulnerable a la omisión de autenticación en las versiones 1.1.6 a 1.1.7. • https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php#L339 https://plugins.trac.wordpress.org/changeset/3130266/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_customers.php https://www.wordfence.com/threat-intel/vulnerabilities/id/4c367565-75f7-4dd7-a2f1-111df581bd7a?source=cve • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6660 – BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-6660
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. El complemento BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin para WordPress es vulnerable a modificaciones no autorizadas de datos que pueden provocar una escalada de privilegios debido a una falta de verificación de capacidad en la función bookingpress_import_data_continue_process_func en todas las versiones hasta la 1.1.5 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress y carguen archivos arbitrarios. • https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L1491 https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L410 https://plugins.trac.wordpress.org/browser/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.php#L476 https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress_import_export.p • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6467 – BookingPress Appointment Booking <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Read to Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2024-6467
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files that contain the content of files on the server, allowing the execution of any PHP code in those files or the exposure of sensitive information. El complemento BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin para WordPress es vulnerable a la lectura de archivos arbitrarios y la creación de archivos arbitrarios en todas las versiones hasta la 1.1.5 incluida a través de la función 'bookingpress_save_lite_wizard_settings_func'. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, creen archivos arbitrarios que contengan el contenido de archivos en el servidor, permitiendo la ejecución de cualquier código PHP en esos archivos o la exposición de información confidencial. The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Arbitrary File Read to Arbitrary File Creation in all versions up to, and including, 1.1.5 via the 'bookingpress_save_lite_wizard_settings_func' function. • https://plugins.trac.wordpress.org/changeset/3116857/bookingpress-appointment-booking/trunk/core/classes/class.bookingpress.php https://www.wordfence.com/threat-intel/vulnerabilities/id/d0177510-cd7d-4cc5-96c3-78433aa0e3f6?source=cve • CWE-73: External Control of File Name or Path •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4133 – ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect
https://notcve.org/view.php?id=CVE-2024-4133
The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirect_to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. El complemento ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup para WordPress es vulnerable a Open Redirect en todas las versiones hasta la 4.0.30 incluida. Esto se debe a una validación insuficiente de la URL de redireccionamiento proporcionada mediante el parámetro redirect_to. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078683%40armember-membership%2Ftrunk&old=3069538%40armember-membership%2Ftrunk&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/80d113aa-7401-4b58-a755-f64146d9fb08?source=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •