Vulnerabilità WordPress (qui elenco plugin) fonte: NIST CVES
- CVE-2024-8902 -- 2024-10-12T10:15:03.810
Received- The Elementor Addon Elements Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php.
- This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. - CVE-2024-8757 -- 2024-10-12T10:15:02.687
Received- The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder Plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
- This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - CVE-2024-9696 -- 2024-10-12T09:15:03.590
Received- The Rescue shortcodes Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes.
- This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - CVE-2024-9595 -- 2024-10-12T09:15:03.230
Received- The TablePress – Tables in WordPress made easy Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - CVE-2024-8915 -- 2024-10-12T09:15:02.950
Received- The Category Icon Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. - CVE-2024-8760 -- 2024-10-12T09:15:02.677
Received- The Stackable – Page Builder Gutenberg Blocks Plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6.
- This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact.
- These nonces could be used to perform CSRF attacks within a limited time window.
- The presence of other Plugins may make additional nonces available, which may pose a risk in Plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users. - CVE-2024-9756 -- 2024-10-12T07:15:02.820
Received- The Order Attachments for WooCommerce Plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1.
- This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. - CVE-2024-9704 -- 2024-10-12T07:15:02.570
Received- The Social Sharing (by Danny) Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes.
- This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - CVE-2024-9047 -- 2024-10-12T07:15:02.170
Received- The WordPress file Upload Plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php.
- This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory.
- Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier. - CVE-2024-9824 -- 2024-10-12T06:15:04.230
Received- The ImagePress – Image Gallery Plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2.
- This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles. - CVE-2024-9778 -- 2024-10-12T06:15:03.930
Received- The ImagePress – Image Gallery Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2.
- This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function.
- This makes it possible for unauthenticated attackers to update Plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. - CVE-2024-9776 -- 2024-10-12T06:15:03.640
Received- The ImagePress – Image Gallery Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- This only affects multi-site installations and installations where unfiltered_html has been disabled. - CVE-2024-9670 -- 2024-10-12T06:15:03.347
Received- The 2D Tag Cloud Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9656 -- 2024-10-12T06:15:03.077
Received- The Mynx Page Builder Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. - CVE-2024-9187 -- 2024-10-12T06:15:02.803
Received- The Read more By Adam Plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8.
- This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. - CVE-2024-7489 -- 2024-10-12T06:15:02.337
Received- The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- This only affects multi-site installations and installations where unfiltered_html has been disabled. - CVE-2024-9860 -- 2024-10-12T03:15:02.757
Received- The Bridge Core Plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_Plugin_per_demo' functions in versions up to, and including, 3.3.
- This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change Plugin settings, import demo data, and install limited Plugins. - CVE-2024-9821 -- 2024-10-12T03:15:02.507
Received- The Bot for Telegram on WooCommerce Plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4.
- This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature. - CVE-2024-9592 -- 2024-10-12T03:15:02.243
Received- The Easy PayPal Gift Certificate Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3.
- This is due to missing or incorrect nonce validation on the 'wpppgc_Plugin_options' function.
- This makes it possible for unauthenticated attackers to update the Plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. - CVE-2024-9707 -- 2024-10-11T13:15:21.233
Received- The Hunk Companion Plugin for WordPress is vulnerable to unauthorized Plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4.
- This makes it possible for unauthenticated attackers to install and activate arbitrary Plugins which can be leveraged to achieve remote code execution if another vulnerable Plugin is installed and activated. - CVE-2024-9616 -- 2024-10-11T13:15:20.703
Received- The BlockMeister – Block Pattern Builder Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9611 -- 2024-10-11T13:15:20.487
Received- The Increase upload file size & Maximum Execution Time limit Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9610 -- 2024-10-11T13:15:20.257
Received- The Language Switcher Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9587 -- 2024-10-11T13:15:20.043
Received- The Linkz.ai Plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8.
- This makes it possible for authenticated attackers with contributor-level privileges or above, to update Plugin settings. - CVE-2024-9586 -- 2024-10-11T13:15:19.823
Received- The Linkz.ai Plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8.
- This makes it possible for unauthenticated attackers to update Plugin settings. - CVE-2024-9543 -- 2024-10-11T13:15:19.577
Received- The PowerPress Podcasting Plugin by Blubrry Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes.
- This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - CVE-2024-9538 -- 2024-10-11T13:15:19.373
Received- The ShopLentor Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php.
- This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. - CVE-2024-9507 -- 2024-10-11T13:15:19.160
Received- The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder Plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function.
- This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. - CVE-2024-9436 -- 2024-10-11T13:15:18.947
Received- The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9346 -- 2024-10-11T13:15:18.740
Received- The Embed videos and respect privacy Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9234 -- 2024-10-11T13:15:18.530
Received- The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor Plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_Plugin_from_external() function (install-active-Plugin REST API endpoint) in all versions up to, and including, 2.1.0.
- This makes it possible for unauthenticated attackers to install and activate arbitrary Plugins, or utilize the functionality to upload arbitrary files spoofed like Plugins. - CVE-2024-9232 -- 2024-10-11T13:15:18.313
Received- The Download Plugins and Themes in ZIP from Dashboard Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9221 -- 2024-10-11T13:15:18.100
Received- The Tainacan Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9211 -- 2024-10-11T13:15:17.883
Received- The FULL – Cliente Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22.
- This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - CVE-2024-9051 -- 2024-10-11T13:15:17.477
Received- The WP Ultimate Post Grid Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes.
- This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - CVE-2024-8913 -- 2024-10-11T13:15:17.040
Received- The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php.
- This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. - CVE-2024-7514 -- 2024-10-11T13:15:16.800
Received- The WordPress Comments Import & Export Plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7.
- This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9 - CVE-2024-9822 -- 2024-10-11T03:15:10.967
Received- The Pedalo Connector Plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5.
- This is due to insufficient restriction on the 'login_admin_user' function.
- This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator. El complemento Pedalo Connector para WordPress es vulnerable a la omisión de autenticación en versiones hasta la 2.0.5 incluida.
- Esto se debe a una restricción insuficiente en la función 'login_admin_user'.
- Esto hace posible que atacantes no autenticados inicien sesión con el primer usuario, que normalmente es el administrador, o si no existe, con el primer administrador. - CVE-2024-9796 -- 2024-10-10T08:15:04.140
Undergoing Analysis- The WP-Advanced-Search WordPress Plugin before 3.3.9.2 does not sanitize and sanitise the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL Injection attacks El complemento WP-Advanced-Search para WordPress anterior a la versión 3.3.9.2 no desinfecta ni escapa el parámetro t antes de usarlo en una declaración SQL, lo que permite que usuarios no autenticados realicen ataques de inyección SQL.
- CVE-2024-9156 -- 2024-10-10T06:15:11.290
Undergoing Analysis- The TI WooCommerce Wishlist WordPress Plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
- This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento TI WooCommerce Wishlist de WordPress hasta la versión 2.8.2 es vulnerable a la inyección SQL debido a un sanitise insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente.
- Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer información confidencial de la base de datos. - CVE-2024-9520 -- 2024-10-10T03:15:03.177
Undergoing Analysis- The UserPlus Plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0.
- This makes it possible for authenticated attackers with subscriber-level permissions or above, to add, modify, or delete user meta and Plugin options. El complemento UserPlus para WordPress es vulnerable al acceso no autorizado, la modificación y la pérdida de datos debido a la falta de comprobación de capacidad en varias funciones en todas las versiones hasta la 2.0 incluida.
- Esto permite que atacantes autenticados con permisos de nivel de suscriptor o superior agreguen, modifiquen o eliminen metadatos de usuario y opciones del complemento. - CVE-2024-9074 -- 2024-10-10T03:15:02.963
Undergoing Analysis- The Advanced Blocks Pro Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping.
- This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. El complemento Advanced Blocks Pro para WordPress es vulnerable a Cross Site Scripting almacenado a través de la carga de archivos SVG en todas las versiones hasta la 1.0.0 incluida, debido a una desinfección de entrada y un sanitise de salida insuficientes.
- Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, inyecten secuencias de comandos web arbitrarias en páginas que se ejecutarán cada vez que un usuario acceda al archivo SVG. - CVE-2024-9067 -- 2024-10-10T03:15:02.740
Undergoing Analysis- The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress Plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0.
- This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. El complemento Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin para WordPress es vulnerable a la modificación no autorizada de datos debido a una falta de verificación de capacidad en la función 'delete_attachment' en todas las versiones hasta la 1.3.0 incluida.
- Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen archivos adjuntos arbitrarios. - CVE-2024-9022 -- 2024-10-10T03:15:02.523
Undergoing Analysis- The TS Poll – Survey, Versus Poll, Image Poll, Video Poll Plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
- This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. El complemento TS Poll – Survey, Versus Poll, Image Poll, Video Poll para WordPress es vulnerable a la inyección SQL a través del parámetro 'orderby' en todas las versiones hasta la 2.3.9 incluida, debido a un sanitise insuficiente en el parámetro proporcionado por el usuario y a la falta de preparación suficiente en la consulta SQL existente.
- Esto permite que los atacantes autenticados, con acceso de nivel de administrador o superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer información confidencial de la base de datos. - CVE-2024-8477 -- 2024-10-10T03:15:02.300
Undergoing Analysis- The Newsletter, SMTP, email marketing and Subscribe forms by Brevo (formely Sendinblue) Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87.
- This is due to missing or incorrect nonce validation on the Init() function.
- This makes it possible for unauthenticated attackers to log out of a Brevo connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Newsletter, SMTP, email marketing and Subscribe forms by Brevo (formely Sendinblue) de WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.1.87 incluida.
- Esto se debe a la falta o la validación incorrecta de nonce en la función Init().
- Esto hace posible que atacantes no autenticados cierren sesión en una conexión de Brevo a través de una solicitud falsificada, siempre que puedan engañar a un administrador del sitio para que realice una acción como hacer clic en un enlace. - CVE-2024-9685 -- 2024-10-10T02:15:06.440
Undergoing Analysis- The Notification for Telegram Plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1.
- This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings. El complemento Notification for Telegram para WordPress es vulnerable al envío no autorizado de mensajes de prueba debido a una falta de verificación de capacidad en la función 'nftb_test_action' en versiones hasta la 3.3.1 incluida.
- Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, envíen un mensaje de prueba a través de la API de bots de Telegram a todos los usuarios configurados en los ajustes. - CVE-2024-9581 -- 2024-10-10T02:15:06.227
Undergoing Analysis- The shortcodes AnyWhere Plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1.
- This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode.
- This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. El complemento shortcodes AnyWhere para WordPress es vulnerable a la ejecución arbitraria de códigos cortos en todas las versiones hasta la 1.0.1 incluida.
- Esto se debe a que el software permite a los usuarios ejecutar una acción que no valida correctamente un valor antes de ejecutar do_shortcode.
- Esto hace posible que atacantes no autenticados ejecuten códigos cortos arbitrarios. - CVE-2024-9522 -- 2024-10-10T02:15:06.013
Undergoing Analysis- The WP Users Masquerade Plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0.
- This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function.
- This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. El complemento WP Users Masquerade para WordPress es vulnerable a la omisión de autenticación en versiones hasta la 2.0.0 incluida.
- Esto se debe a una verificación de autenticación y capacidad incorrecta en la función 'ajax_masq_login'.
- Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, inicien sesión como cualquier usuario existente en el sitio, como un administrador. - CVE-2024-9519 -- 2024-10-10T02:15:05.787
Undergoing Analysis- The UserPlus Plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0.
- This makes it possible for authenticated attackers, with editor-level permissions or above, to update the registration form role to administrator, which leads to privilege escalation. El complemento UserPlus para WordPress es vulnerable a la modificación no autorizada de datos debido a una comprobación incorrecta de la capacidad de la función 'save_metabox_form' en versiones hasta la 2.0 incluida.
- Esto hace posible que atacantes autenticados, con permisos de nivel de editor o superior, actualicen el rol del formulario de registro a administrador, lo que conduce a una escalada de privilegios. - CVE-2024-9518 -- 2024-10-10T02:15:05.590
Undergoing Analysis- The UserPlus Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions.
- This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. El complemento UserPlus para WordPress es vulnerable a la escalada de privilegios en versiones hasta la 2.0 incluida debido a una restricción insuficiente en las funciones 'form_actions' y 'userplus_update_user_profile'.
- Esto permite que atacantes no autenticados especifiquen su rol de usuario proporcionando el parámetro 'role' durante un registro.