spyata123

6 exploits Active since Apr 2019
CVE-2023-5359 NOMISEC LOW WORKING POC
W3 Total Cache <= 2.7.5 - Unauthenticated Sensitive Information Exposure via Google OAuth API Secrets
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
CVSS 3.7
CVE-2024-12008 NOMISEC MEDIUM STUB
W3 Total Cache <= 2.8.1 - Unauthenticated Sensitive Information Exposure via Debug Log File
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default.
CVSS 5.3
CVE-2024-12365 NOMISEC HIGH WORKING POC
W3 Total Cache <= 2.8.1 - Authenticated Missing Authorization in is_w3tc_admin_page
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications.
CVSS 8.5
CVE-2023-3128 NOMISEC CRITICAL SCANNER
Grafana 6.7.0-8.5.26 and 9.4.0-9.4.12 - Authentication Bypass via Azure AD Email Claim Spoofing
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVSS 9.4
CVE-2019-6715 NOMISEC HIGH WORKING POC
W3 Total Cache <0.9.4 - Info Disclosure
pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data.
CVSS 7.5
CVE-2013-2010 NOMISEC CRITICAL WORKING POC
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8