CVE-2024-7859

CVE-2024-7859

Título es
CVE-2024-7859

Jue, 12/09/2024 – 06:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-7859

Descripción en
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

12/09/2024
12/09/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://wpscan.com/vulnerability/88cacd47-d900-478c-b833-c6c55fd4b082/

    • Enviar en el boletín
    Off

    CVE-2024-7822

    CVE-2024-7822

    Título es
    CVE-2024-7822

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7822

    Descripción en
    The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/3a5bdd7e-7dd5-4749-9fad-ff4d7df20273/

    • Enviar en el boletín
    Off

    CVE-2024-7820

    CVE-2024-7820

    Título es
    CVE-2024-7820

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7820

    Descripción en
    The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/31b2c97b-2458-43ee-93db-e57968ac8455/

    • Enviar en el boletín
    Off

    CVE-2024-7818

    CVE-2024-7818

    Título es
    CVE-2024-7818

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7818

    Descripción en
    The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/3d2263b9-e1e7-4e86-8475-5e468eef1826/

    • Enviar en el boletín
    Off

    CVE-2024-7817

    CVE-2024-7817

    Título es
    CVE-2024-7817

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7817

    Descripción en
    The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/ab09e5a3-f5ea-479f-be2d-366f8707775e/

    • Enviar en el boletín
    Off

    CVE-2024-8056

    CVE-2024-8056

    Título es
    CVE-2024-8056

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8056

    Descripción en
    The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/203b8122-f1e5-4e9e-ba83-f5cd59d8a289/

    • Enviar en el boletín
    Off

    CVE-2024-8054

    CVE-2024-8054

    Título es
    CVE-2024-8054

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-8054

    Descripción en
    The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/f27deffc-9555-44bf-8dee-1891c210ecfd/

    • Enviar en el boletín
    Off

    CVE-2024-7862

    CVE-2024-7862

    Título es
    CVE-2024-7862

    Jue, 12/09/2024 – 06:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-7862

    Descripción en
    The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

    12/09/2024
    12/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://wpscan.com/vulnerability/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae/

    • Enviar en el boletín
    Off

    CVE-2024-8708

    CVE-2024-8708

    Título es
    CVE-2024-8708

    Jue, 12/09/2024 – 02:15

    Tipo
    CWE-79

    Gravedad v2.0
    4.00

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2024-8708

    Descripción en
    A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be initiated remotely.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:N/I:P/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://vuldb.com/?ctiid_277217=

  • https://vuldb.com/?id_277217=

  • https://vuldb.com/?submit_404864=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2024-37397

    CVE-2024-37397

    Título es
    CVE-2024-37397

    Jue, 12/09/2024 – 02:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-37397

    Descripción en
    An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.

    12/09/2024
    12/09/2024
    Vector CVSS:3.1
    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022

    • Enviar en el boletín
    Off