CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22157 – WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-22157
Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15. Una vulnerabilidad de gestión de privilegios incorrecta en WebWizards SalesKing permite la escalada de privilegios. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The SalesKing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.15. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22154 – WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2024-22154
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en SNP Digital SalesKing. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The salesking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22156 – WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability
https://notcve.org/view.php?id=CVE-2024-22156
Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. Vulnerabilidad de autorización faltante en SNP Digital SalesKing. Este problema afecta a SalesKing: desde n/a hasta 1.6.15. The SalesKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to modify plugin settings. • https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve • CWE-862: Missing Authorization •