CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 0CVE-2024-32111 – WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability
https://notcve.org/view.php?id=CVE-2024-32111
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40. WordPress Core is vulnerable to Directory Traversal in various versions up to 6.5.5 via the Template Part block. This makes it possible for authenticated attackers, with Contributor-level access and above, to include arbitrary HTML Files on sites running Windows. • https://patchstack.com/database/vulnerability/wordpress/wordpress-core-6-5-5-contributor-arbitrary-html-file-read-windows-only-vulnerability?_s_id=cve https://wordpress.org/news/2024/06/wordpress-6-5-5 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-31111 – WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31111
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9. WordPress Core is vulnerable to Stored Cross-Site Scripting via the Template Part Block in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on the 'tagName' attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37492 is a duplicate CVE assignment. • https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-5-5-cross-site-scripting-xss-via-template-part-vulnerability?_s_id=cve https://wordpress.org/news/2024/06/wordpress-6-5-5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-6307 – WordPress Core < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML API
https://notcve.org/view.php?id=CVE-2024-6307
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions prior to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. WordPress Core es vulnerable a Cross-Site Scripting Almacenado a través de la API HTML en varias versiones hasta la 6.5.5 debido a una sanitización de entrada insuficiente y a un escape de salida en las URL. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada. • https://core.trac.wordpress.org/changeset/58472 https://core.trac.wordpress.org/changeset/58473 https://wordpress.org/news/2024/06/wordpress-6-5-5 https://www.wordfence.com/threat-intel/vulnerabilities/id/bc0d36f8-6569-49a1-b722-5cf57c4bb32a?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5692 – WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
https://notcve.org/view.php?id=CVE-2023-5692
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'. WordPress Core es vulnerable a la exposición de información confidencial en versiones hasta la 6.4.3 incluida a través de la función redirect_guess_404_permalink. Esto puede permitir a atacantes no autenticados exponer el slug de una publicación personalizada cuyo estado de publicación 'publicly_queryable' se ha establecido en 'falso'. • https://core.trac.wordpress.org/changeset/57645 https://developer.wordpress.org/reference/functions/is_post_publicly_viewable https://developer.wordpress.org/reference/functions/is_post_type_viewable https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763 https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 3CVE-2023-5561 – WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure
https://notcve.org/view.php?id=CVE-2023-5561
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack El complemento Popup Builder de WordPress hasta la versión 4.1.15 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio). WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'list_users' capability, the search is applied to the user_email column. This can allow unauthenticated attackers to brute force or verify the email addresses of users with published posts or pages on the site. • https://github.com/pog007/CVE-2023-5561-PoC https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2 https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •