CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35731 – WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35731
06 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en WP Moose Kenta Gutenber... • https://patchstack.com/database/vulnerability/kenta-blocks/wordpress-kenta-gutenberg-blocks-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1943 – Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset
https://notcve.org/view.php?id=CVE-2024-1943
27 Feb 2024 — The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El tema Yuki para WordPress es vulnerable a la Cross-Site Request Forgery en todas las versiones... • https://themes.trac.wordpress.org/changeset/218603/yuki/1.3.15/inc/extensions/class-reset-extension.php • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1388 – Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
https://notcve.org/view.php?id=CVE-2024-1388
27 Feb 2024 — The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings. El tema Yuki para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función reset_customizer_options() en todas las v... • https://themes.trac.wordpress.org/changeset/217428/yuki/1.3.14/inc/extensions/class-reset-extension.php • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 425EXPL: 0CVE-2022-4974 – Freemius SDK <= 2.4.2 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2022-4974
04 Mar 2022 — The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable. • https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=cve • CWE-862: Missing Authorization •