CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jun 2024 — The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font. • https://plugins.trac.wordpress.org/browser/custom-font-uploader/trunk/inc/cfup-functions.php#L20 • CWE-862: Missing Authorization

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in the Wbcom Designs – BuddyPress Activity Social Share plugin, versions <= 3.5.0. The Wbcom Designs – BuddyPress Activity Social Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation on s... • https://patchstack.com/database/vulnerability/bp-activity-social-share/wordpress-wbcom-designs-buddypress-activity-social-share-plugin-3-4-0-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jun 2022 — The Wbcom Designs – BuddyPress Group Reviews plugin for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site. • https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359 • CWE-862: Missing Authorization