CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5654 – CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
https://notcve.org/view.php?id=CVE-2024-5654
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES. El complemento CF7 Google Sheets Connector para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'execute_post_data_cg7_free' en todas las versiones hasta la 5.0.9 incluida. Esto hace posible que atacantes no autenticados alterne las configuraciones de configuración del sitio, incluidos WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG y SAVEQUERIES. • https://plugins.trac.wordpress.org/browser/cf7-google-sheets-connector/trunk/includes/class-gs-service.php#L52 https://plugins.trac.wordpress.org/changeset/3099184 https://www.wordfence.com/threat-intel/vulnerabilities/id/c0da4d55-5025-47cf-9f45-377d8943fc94?source=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1562 – WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-1562
The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings. El complemento WooCommerce Google Sheet Connector para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función execute_post_data en todas las versiones hasta la 1.3.11 incluida. Esto hace posible que atacantes no autenticados actualicen la configuración del complemento. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 24%CPEs: 2EXPL: 2CVE-2013-7240 – Advanced Dewplayer < 1.3 - Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7240
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. Vulnerabilidad de salto de directorio en download-file.php en el plugin Advanced Dewplayer 1.2 para WordPress permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro dew_file. • https://www.exploit-db.com/exploits/38936 http://seclists.org/oss-sec/2013/q4/566 http://seclists.org/oss-sec/2013/q4/570 http://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal http://www.securityfocus.com/bid/64587 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •