WordPress vulnerabilities (plugin list), source: NIST CVEs


  1. CVE-2024-4305 -- 2024-06-17T06:15:09.140
    Received
      The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress Plugin before 4.1.0 does not validate and sanitise some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.


  2. CVE-2024-3236 -- 2024-06-17T06:15:08.923
    Received
      The Popup Builder WordPress Plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks.


  3. CVE-2024-5611 -- 2024-06-15T10:15:11.580
    Received
      The Stratum – Elementor Widgets Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping.
      - This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  4. CVE-2024-5858 -- 2024-06-15T09:15:12.800
    Received
      The AI Infographic Maker Plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4.
      - This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles.


  5. CVE-2024-4551 -- 2024-06-15T09:15:12.587
    Received
      The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP Plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function.
      - This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files.
      - This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.


  6. CVE-2024-4258 -- 2024-06-15T09:15:12.370
    Received
      The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP Plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter.
      - This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
      - This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.


  7. CVE-2024-4095 -- 2024-06-15T09:15:12.157
    Received
      The Collapse-O-Matic Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'expand' and 'expandsub' shortcodes in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes.
      - This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  8. CVE-2024-3105 -- 2024-06-15T09:15:11.947
    Received
      The Woody code snippets – Insert Header Footer Code, AdSense Ads Plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode.
      - This is due to the Plugin not restricting use of the functionality to high-level authorized users.
      - This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.


  9. CVE-2024-2695 -- 2024-06-15T09:15:11.647
    Received
      The Shariff Wrapper Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'.
      - This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  10. CVE-2024-1399 -- 2024-06-15T06:15:50.250
    Received
      The Restaurant Menu – Food Ordering System – Table Reservation Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's shortcode(s) in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes.
      - This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  11. CVE-2024-6000 -- 2024-06-15T04:15:14.313
    Received
      The FooEvents for WooCommerce Plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20.
      - This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
      - This was partially patched in 1.19.20, and fully patched in 1.19.21.


  12. CVE-2024-5871 -- 2024-06-15T04:15:13.693
    Received
      The WooCommerce - Social Login Plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter.
      - This makes it possible for unauthenticated attackers to inject a PHP Object.
      - No known POP chain is present in the vulnerable software.
      - If a POP chain is present via an additional Plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.


  13. CVE-2024-5868 -- 2024-06-15T04:15:13.373
    Received
      The WooCommerce - Social Login Plugin for WordPress is vulnerable to email verification bypass in all versions up to, and including, 2.6.2 via the use of an insufficiently random activation code.
      - This makes it possible for unauthenticated attackers to bypass the email verification.


  14. CVE-2024-5263 -- 2024-06-15T02:15:51.670
    Received
      The ElementsKit Pro Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes.
      - This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  15. CVE-2024-4479 -- 2024-06-15T02:15:51.447
    Received
      The Jeg Elementor Kit Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the Plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.
      - This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  16. CVE-2024-3815 -- 2024-06-15T02:15:51.247
    Received
      The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes.
      - This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  17. CVE-2024-3814 -- 2024-06-15T02:15:51.030
    Received
      The tagDiv Composer Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes.
      - This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  18. CVE-2024-3813 -- 2024-06-15T02:15:50.817
    Received
      The tagDiv Composer Plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute.
      - This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
      - This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.


  19. CVE-2024-2544 -- 2024-06-15T02:15:50.547
    Received
      The Popup Builder Plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions.
      - This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions, such as deleting subscribers, and importing subscribers to conduct stored Cross-Site Scripting attacks.


  20. CVE-2023-6696 -- 2024-06-15T02:15:50.300
    Received
      The Popup Builder – Create highly converting, mobile friendly marketing popups. Plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1.
      - While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user.
      - This allows subscribers to perform several actions, including deleting subscribers and performing blind Server-Side Request Forgery.


  21. CVE-2024-2024 -- 2024-06-14T13:15:51.223
    Received
      The Folders Pro Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2.
      - This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.


  22. CVE-2024-2023 -- 2024-06-14T13:15:50.960
    Received
      The Folders and Folders Pro Plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function.
      - This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.


  23. CVE-2024-2472 -- 2024-06-14T10:15:09.403
    Received
      The LatePoint Plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9.
      - This makes it possible for unauthenticated attackers to view other customers' cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.


  24. CVE-2024-4863 -- 2024-06-14T09:15:10.613
    Received
      The Gutenberg Blocks with AI by Kadence WP – Page Builder Features Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping.
      - This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  25. CVE-2024-5577 -- 2024-06-14T08:15:42.157
    Received
      The Where I Was, Where I Will Be Plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file.
      - This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external servers, allowing the execution of any PHP code in those files.
      - This can be used to bypass access controls, obtain sensitive data, or achieve code execution.
      - This requires allow_url_include to be set to true in order to exploit, which is not commonly enabled.


  26. CVE-2024-5994 -- 2024-06-14T07:15:51.130
    Received
      The WP Go Maps (formerly WP Google Maps) Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38.
      - This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
      - Version 9.0.39 adds a caution to make administrators aware of the possibility for abuse if permissions are granted to lower-level users.


  27. CVE-2024-5551 -- 2024-06-14T06:15:13.443
    Received
      The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0.
      - This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration Plugin.
      - This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.


  28. CVE-2024-5155 -- 2024-06-14T06:15:13.373
    Received
      The Inquiry cart WordPress Plugin through 3.4.2 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.


  29. CVE-2024-4751 -- 2024-06-14T06:15:13.297
    Received
      The WP Prayer II WordPress Plugin through 2.4.7 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.


  30. CVE-2024-4480 -- 2024-06-14T06:15:13.220
    Received
      The WP Prayer II WordPress Plugin through 2.4.7 does not have a CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack.


  31. CVE-2024-4404 -- 2024-06-14T06:15:12.987
    Received
      The ElementsKit PRO Plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'render_raw' function.
      - This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.


  32. CVE-2024-4271 -- 2024-06-14T06:15:12.907
    Received
      The SVGator WordPress Plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript to conduct Stored XSS attacks.


  33. CVE-2024-4270 -- 2024-06-14T06:15:12.827
    Received
      The SVGMagic WordPress Plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG files containing malicious JavaScript to conduct Stored XSS attacks.


  34. CVE-2024-4005 -- 2024-06-14T06:15:12.753
    Received
      The Social Pixel WordPress Plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).


  35. CVE-2024-3993 -- 2024-06-14T06:15:12.680
    Received
      The AZAN Plugin WordPress Plugin through 0.6 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.


  36. CVE-2024-3992 -- 2024-06-14T06:15:12.607
    Received
      The Amen WordPress Plugin through 3.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).


  37. CVE-2024-3978 -- 2024-06-14T06:15:12.520
    Received
      The WordPress Jitsi shortcode WordPress Plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.


  38. CVE-2024-3977 -- 2024-06-14T06:15:12.427
    Received
      The WordPress Jitsi shortcode WordPress Plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).


  39. CVE-2024-3972 -- 2024-06-14T06:15:12.330
    Received
      The Similarity WordPress Plugin through 3.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack.


  40. CVE-2024-3971 -- 2024-06-14T06:15:12.250
    Received
      The Similarity WordPress Plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack.


  41. CVE-2024-3966 -- 2024-06-14T06:15:12.170
    Received
      The Pray For Me WordPress Plugin through 1.0.4 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin.


  42. CVE-2024-3965 -- 2024-06-14T06:15:12.060
    Received
      The Pray For Me WordPress Plugin through 1.0.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.


  43. CVE-2024-3754 -- 2024-06-14T06:15:11.950
    Received
      The Alemha watermarker WordPress Plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).


  44. CVE-2024-2218 -- 2024-06-14T06:15:11.570
    Received
      The LuckyWP Table of Contents WordPress Plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).


  45. CVE-2024-2122 -- 2024-06-14T06:15:11.320
    Received
      The Best WordPress Gallery Plugin – FooGallery Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping.
      - This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


  46. CVE-2024-1295 -- 2024-06-14T06:15:10.937
    Received
      The events-calendar-pro WordPress Plugin before 6.4.0.1 and The Events Calendar WordPress Plugin before 6.4.0.1 do not prevent users with at least the contributor role from leaking details about events they shouldn't have access to (e.g. password-protected events, drafts, etc.).


  47. CVE-2024-4936 -- 2024-06-14T05:15:49.400
    Received
      The Canto Plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter.
      - This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution.
      - This requires allow_url_include to be enabled on the target site in order to exploit.


  48. CVE-2024-1094 -- 2024-06-14T05:15:48.487
    Received
      The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff() function in all versions up to, and including, 1.0.21.
      - This makes it possible for unauthenticated attackers to grant users staff permissions.


  49. CVE-2024-0892 -- 2024-06-14T04:15:17.910
    Received
      The Schema App Structured Data Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0.
      - This is due to missing or incorrect nonce validation on the MarkUpdate function.
      - This makes it possible for unauthenticated attackers to update and delete post metadata via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.


  50. CVE-2023-6492 -- 2024-06-14T04:15:17.503
    Received
      The Simple Sitemap – Create a Responsive HTML Sitemap Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13.
      - This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php.
      - This makes it possible for unauthenticated attackers to reset the Plugin options to a default state via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
