CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7514 – WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal
https://notcve.org/view.php?id=CVE-2024-7514
10 Oct 2024 — The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9 • https://github.com/RandomRobbieBF/CVE-2024-7514 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8397 – GDPR Cookie Consent <= 2.6.0 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-8397
16 Sep 2024 — The GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP headers in all versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8286 – GDPR Cookie Consent <= 2.6.0 - Cross-Site Request Forgery to Bulk Delete
https://notcve.org/view.php?id=CVE-2024-8286
16 Sep 2024 — The GDPR Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform bulk actions like deleting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34815 – WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34815
11 Jun 2024 — Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5. Vulnerabilidad de autorización faltante en Codection Import and export users and customers. Este problema afecta a Import and export users and customers: desde n/a hasta 1.26.5. • https://patchstack.com/database/vulnerability/import-users-from-csv-with-meta/wordpress-import-and-export-users-and-customers-plugin-1-26-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2024-3546 – WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal
https://notcve.org/view.php?id=CVE-2024-3546
22 Apr 2024 — The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above, to invoke this function and access log files maintained by the plugin. Additionally, the file name is user-provided and not properly sanitized, which allows attackers to read arbitrary log files on the file sys... • https://github.com/dovankha/CVE-2024-35468 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3216 – WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset
https://notcve.org/view.php?id=CVE-2024-3216
05 Apr 2024 — The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible for unauthenticated attackers to reset all of the plugin's settings. El complemento WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels de WordPress es vulnerable a modificaciones no autoriza... • https://plugins.trac.wordpress.org/browser/print-invoices-packing-slip-labels-for-woocommerce/trunk/admin/class-wf-woocommerce-packing-list-admin.php#L4262 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0957 – WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0957
21 Mar 2024 — The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing. El complemento WooCommerce PDF Invoices, Packing Slips, Delive... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0705 – Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2024-0705
18 Jan 2024 — The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento Stripe Payment Plugin for Woo... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail= • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22152 – WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-22152
16 Jan 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WebToffee Product Import Export para WooCommerce. Este problema afecta a Product Import Export para WooCommerce: desde n/a hasta 2.3.7. The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads du... • https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22135 – WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2024-22135
10 Jan 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WebToffee Order Export & Order Import para WooCommerce. Este problema afecta Order Export & Order Import for WooCommerce: desde n/a hasta 2.4.3. The Order Export & Order Import for WooCommerce plugin for WordPress is vuln... • https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •