Alexacrm Dynamics 365 Integration vulnerabilities
4 known vulnerabilities affecting alexacrm/dynamics_365_integration.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-12583P2CRITICALCVSS 9.9≤ 1.3.232025-01-04
CVE-2024-12583 [CRITICAL] CWE-1336 CVE-2024-12583: The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitra
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor
nvd
CVE-2023-28417P4MEDIUMCVSS 5.4≥ n/a, ≤ 1.3.122024-12-09
CVE-2023-28417 [MEDIUM] CWE-862 CVE-2023-28417: Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrect
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12.
nvd
CVE-2024-34550P4MEDIUMCVSS 5.3≥ n/a, ≤ 1.3.172024-05-14
CVE-2024-34550 [MEDIUM] CWE-532 CVE-2024-34550: Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.
Insertion of Sensitive Information into Log File vulnerability in AlexaCRM Dynamics 365 Integration.This issue affects Dynamics 365 Integration: from n/a through 1.3.17.
nvd
CVE-2023-29422P4MEDIUMCVSS 4.3≥ n/a, ≤ 1.3.132024-12-09
CVE-2023-29422 [MEDIUM] CWE-862 CVE-2023-29422: Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrect
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
nvd