CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46623 – WordPress WP EXtra Plugin <= 6.2 is vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-46623
29 Dec 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en TienCOP WP EXtra. Este problema afecta a WP EXtra: desde n/a hasta 6.2. • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-remote-code-execution-rce-via-htaccess-modification-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47825 – WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-47825
16 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra plugin <= 6.4 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento TienCOP WP EXtra en versiones <= 6.4. The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the ToolImport function. This makes it possible for unauthenticated attackers to change plugin settings via a forged request granted the... • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5314 – WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending
https://notcve.org/view.php?id=CVE-2023-5314
25 Oct 2023 — The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to send emails with arbitrary content to arbitrary locations from the affected site's mail server. El complemento WP EXtra para WordPress es vulnerable al acceso no autorizado a funcione... • https://plugins.trac.wordpress.org/changeset/2977703/wp-extra • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5311 – WP EXtra <= 6.2 - Missing Authorization to .htaccess File Modification
https://notcve.org/view.php?id=CVE-2023-5311
24 Oct 2023 — The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. El complemento WP EXtra para WordPress es vulnerable a modificaciones no a... • https://giongfnef.gitbook.io/giongfnef/cve/cve-2023-5311 • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46212 – WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-46212
19 Oct 2023 — Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.This issue affects WP EXtra: from n/a through 6.2. Autorización faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en TienCOP WP EXtra permite acceder a la funcionalidad no restringida adecuadamente por las ACL, Cross-Site Request Forgery. Este problema afecta a WP EXtra: desde n/a hasta 6.2. The WP EXtra plugin for ... • https://patchstack.com/database/vulnerability/wp-extra/wordpress-wp-extra-plugin-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •