CVE-2023-6933 – Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. El complemento Better Search Replace para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 1.4.4 incluida, a través de la deserialización de entradas que no son de confianza. • https://github.com/w2xim3/CVE-2023-6933 https://plugins.trac.wordpress.org/browser/better-search-replace/trunk/includes/class-bsr-db.php#L334 https://plugins.trac.wordpress.org/changeset/3023674/better-search-replace/trunk/includes/class-bsr-db.php https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=cve • CWE-502: Deserialization of Untrusted Data •
CVE-2023-23684 – WordPress WPGraphQL Plugin <= 1.14.5 is vulnerable to Server Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2023-23684
Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WPGraphQL. Este problema afecta a WPGraphQL: desde n/a hasta 1.14.5. The WPGraphQL plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.14.5 via createMediaItem. This can allow authenticated attackers with editor access or higher to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/wp-graphql/wordpress-wp-graphql-plugin-1-14-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-24421 – WordPress PHP Compatibility Checker Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-24421
Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. The PHP Compatibility Checker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the start_test and cleanup function. This makes it possible for unauthenticated attackers to start a new compatibility scan or delete scan results via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/php-compatibility-checker/wordpress-php-compatibility-checker-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-1563 – WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure
https://notcve.org/view.php?id=CVE-2022-1563
The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. El complemento WPGraphQL WooCommerce WordPress anterior a 0.12.4 no impide que atacantes no autenticados enumeren los códigos de cupón y los valores de una tienda a través de GraphQL. The WPGraphQL WooCommerce plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 0.11.0. This can allow unauthenticated attackers to extract coupon codes via GraphQL. • https://github.com/wp-graphql/wp-graphql-woocommerce https://wpscan.com/vulnerability/19138092-50d3-4d63-97c5-aa8e1ce39456 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a https://freemius.com/blog/managing-security-issues-open-source-freemius-sdk-security-disclosure https://wpdirectory.net/search/01FWPVWA7BC5DYGZHNSZQ9QMN5 https://wpdirectory.net/search/01G02RSGMFS1TPT63FS16RWEYR https://web.archive.org/web/20220225174410/https%3A//www.pluginvulnerabilities.com/2022/02/25/our-security-review-of-wordpress-plugin-found-freemius-li • CWE-862: Missing Authorization •