CVE-2024-13109

CVE-2024-13109

Título es
CVE-2024-13109

Jue, 02/01/2025 – 13:15

Tipo
CWE-266

Gravedad v2.0
5.00

Gravedad 2.0 Txt
MEDIUM

Título en

CVE-2024-13109

Descripción en
A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

02/01/2025
02/01/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vector CVSS:2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Gravedad 4.0
6.90

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)
5.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://github.com/qiutiandefeng/yfexam-exam/issues/4

  • https://github.com/qiutiandefeng/yfexam-exam/issues/4#issue-2754670219

  • https://vuldb.com/?ctiid_289925=

  • https://vuldb.com/?id_289925=

  • https://vuldb.com/?submit_467695=

    • Enviar en el boletín
    Off

    CVE-2024-56268

    CVE-2024-56268

    Título es
    CVE-2024-56268

    Jue, 02/01/2025 – 13:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56268

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through 2.0.18.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/post-grid-elementor-addon/vulnerability/wordpress-post-grid-elementor-addon-plugin-2-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46609

    CVE-2023-46609

    Título es
    CVE-2023-46609

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46609

    Descripción en
    Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/feedfocal/vulnerability/wordpress-feedfocal-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46608

    CVE-2023-46608

    Título es
    CVE-2023-46608

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46608

    Descripción en
    Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through 3.7.1.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/dologin/vulnerability/wordpress-dologin-security-plugin-3-7-1-multiple-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46607

    CVE-2023-46607

    Título es
    CVE-2023-46607

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46607

    Descripción en
    Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wp-ical-availability/vulnerability/wordpress-wp-ical-availability-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46632

    CVE-2023-46632

    Título es
    CVE-2023-46632

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46632

    Descripción en
    Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://patchstack.com/database/wordpress/plugin/my-shortcodes/vulnerability/wordpress-my-shortcodes-plugin-2-3-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46631

    CVE-2023-46631

    Título es
    CVE-2023-46631

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46631

    Descripción en
    Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/product-recommendation-quiz-for-ecommerce/vulnerability/wordpress-product-recommendation-quiz-for-ecommerce-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46628

    CVE-2023-46628

    Título es
    CVE-2023-46628

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46628

    Descripción en
    Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wp-word-count/vulnerability/wordpress-wp-word-count-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46616

    CVE-2023-46616

    Título es
    CVE-2023-46616

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46616

    Descripción en
    Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    5.40

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/draw-attention/vulnerability/wordpress-draw-attention-plugin-2-0-15-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2023-46612

    CVE-2023-46612

    Título es
    CVE-2023-46612

    Jue, 02/01/2025 – 12:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2023-46612

    Descripción en
    Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6.

    02/01/2025
    02/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/mediabay-lite/vulnerability/wordpress-mediabay-plugin-1-6-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off