CVE-2024-22157 – WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-22157
Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15. Una vulnerabilidad de gestión de privilegios incorrecta en WebWizards SalesKing permite la escalada de privilegios. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The SalesKing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.15. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-22156 – WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-22156
Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. Vulnerabilidad de autorización faltante en SNP Digital SalesKing. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The SalesKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to modify plugin settings. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •