October 24, 2024

Severity
Medium
Analysis Summary
CVE-2024-9541 CVSS:4.3
The News Kit Elementor Addons plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by an error in includes/widgets/canvas-menu/canvas-menu.php. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2024-9591 CVSS:5.5
The Category and Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_category_image' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-9589 CVSS:5.5
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-9590 CVSS:5.5
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-9588 CVSS:5.4
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-8852 CVSS:5.3
The All-in-One WP Migration and Backup plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by publicly exposed log files. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2024-10003 CVSS:6.3
The Rover IDX plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by a missing capability check. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and add, modify, or delete plugin options.
CVE-2024-10002 CVSS:8.8
The Rover IDX plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by insufficient validation and a missing capability check on the 'rover_idx_refresh_social_callback' function. By sending a specially crafted request, an attacker could exploit this vulnerability to log in as an administrator.
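The three root causes listed above (missing nonce validation behind the CSRF, a missing capability check behind the option and login bypasses, and unsanitized input with unescaped output behind the stored XSS) all come from the same plugin-settings pattern. The following is an added illustration written for this advisory, not code from any of the plugins it names: a hypothetical taxonomy-meta settings page with the weak handler beside the hardened one. The `example_` function names, the `example_meta_names` option, the nonce action `example_add_meta`, and the form field names are assumptions; the WordPress API calls (`current_user_can`, `check_admin_referer`, `wp_nonce_field`, `sanitize_key`, `esc_html`, `esc_attr`, `add_options_page`) are real.

```php
<?php
// Added illustration for this advisory; not code from the plugins it describes.
// Option name, function names and nonce action are hypothetical.

// --- Weak handler: CSRF, capability bypass and stored XSS in one function ---
function example_weak_option_page() {
    if ( isset( $_POST['new_meta_name'] ) ) {
        // No nonce check: a form on any site the admin visits can submit here (CSRF).
        // No capability check: any authenticated user who reaches the handler can write options.
        // No sanitization: the stored value is whatever the request carried.
        $names   = (array) get_option( 'example_meta_names', array() );
        $names[] = $_POST['new_meta_name'];
        update_option( 'example_meta_names', $names );
    }
    foreach ( (array) get_option( 'example_meta_names', array() ) as $name ) {
        // No output escaping: a stored value containing markup renders as markup (stored XSS).
        echo '<input type="text" name="meta_' . $name . '" value="' . $name . '">';
    }
}

// --- Hardened handler ---
function example_hardened_option_page() {
    // 1. Capability check: only users allowed to manage options reach the page at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html__( 'You do not have permission to manage these settings.', 'example' ),
            '',
            array( 'response' => 403 )
        );
    }

    if ( isset( $_POST['new_meta_name'] ) ) {
        // 2. Nonce check bound to this action and this user; dies with 403 on failure.
        check_admin_referer( 'example_add_meta', 'example_meta_nonce' );

        // 3. Sanitize on input: a meta *name* is a key, so restrict it to [a-z0-9_-].
        $new_name = sanitize_key( wp_unslash( $_POST['new_meta_name'] ) );
        if ( '' === $new_name ) {
            return;
        }
        $names = (array) get_option( 'example_meta_names', array() );
        if ( ! in_array( $new_name, $names, true ) ) {
            $names[] = $new_name;
            update_option( 'example_meta_names', $names );
        }
    }

    // 4. Escape on output, in the context the value lands in (HTML body vs. attribute).
    echo '<form method="post">';
    wp_nonce_field( 'example_add_meta', 'example_meta_nonce' );
    foreach ( (array) get_option( 'example_meta_names', array() ) as $name ) {
        printf(
            '<label>%1$s <input type="text" name="meta_%2$s" value="%2$s"></label>',
            esc_html( $name ),
            esc_attr( $name )
        );
    }
    echo '<input type="text" name="new_meta_name"><button type="submit">Add</button></form>';
}

// Register only the hardened page; the capability argument here is a second gate
// in front of the check inside the callback.
add_action( 'admin_menu', function () {
    add_options_page(
        'Example Meta Fields',
        'Example Meta Fields',
        'manage_options',
        'example-meta-fields',
        'example_hardened_option_page'
    );
} );
```

Two points worth checking when reviewing a plugin against this advisory's findings: the nonce check must sit in the handler that performs the write (a nonce on the form alone does nothing if the POST handler never verifies it), and the escaping function must match the sink, so an image meta *value* that is a URL should pass through `esc_url()` when printed into `src`, not `esc_html()`.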
Impact
- Information Disclosure
- Cross-site Scripting
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-9541
- CVE-2024-9591
- CVE-2024-9589
- CVE-2024-9590
- CVE-2024-9588
- CVE-2024-8852
- CVE-2024-10003
- CVE-2024-10002
Affected Vendors
Affected Products
- News Kit Elementor Addons Plugin for WordPress 1.2.1
- Category and Taxonomy Meta Fields Plugin for WordPress 1.0.0
- All-in-One WP Migration and Backup plugin for WordPress 7.86
- Rover IDX Plugin for WordPress 3.0.0.2903
Remediation
Upgrade each affected plugin to its latest version, available from the WordPress Plugin Directory.