CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7590 – WordPress Spectra – WordPress Gutenberg Blocks plugin<= 2.14.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-7590
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Spectra allows Stored XSS.This issue affects Spectra: from n/a through 2.14.1. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ heading tag in all versions up to, and including, 2.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-wordpress-gutenberg-blocks-plugin-2-14-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37517 – WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37517
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7. The Spectra plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the generate_ai_content() function in versions up to, and including, 2.13.7. This makes it possible for authenticated attackers, with contributor-level access and above, to generate AI content. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-13-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36679 – WordPress Spectra plugin <= 2.6.6 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-36679
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brainstorm Force Spectra. Este problema afecta a Spectra: desde n/a hasta 2.6.6. The Spectra plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 2.6.6 via the import_wpforms function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36676 – WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36676
Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6. Vulnerabilidad de autorización faltante en Brainstorm Force Spectra. Este problema afecta a Spectra: desde n/a hasta 2.6.6. The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.6.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/ultimate-addons-for-gutenberg/wordpress-spectra-plugin-2-6-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23834 – Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation
https://notcve.org/view.php?id=CVE-2023-23834
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1 This is due to missing nonce validation on the activate_plugin function called via an AJAX action. This makes it possible for unauthenticated attackers to activate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •