Lucene search
K

62 matches found

WPVulnDB
WPVulnDB
added 2024/06/13 12:0 a.m.10 views

Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation

Description The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This...

7.3CVSS6.6AI score0.00542EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.18 views

PowerPack Pro for Elementor < 2.10.18 - Authenticated (Contributor+) Privilege Escalation

Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...

8.8CVSS6.7AI score0.00431EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/31 12:0 a.m.14 views

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.1 - Missing Authorization to Privilege Escalation

Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This...

7.1CVSS6.4AI score0.00334EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/30 12:0 a.m.16 views

UserPro < 5.1.9 - Unauthenticated Account Takeover to Privilege Escalation

Description The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthenticated account takeover in all versions up to, and including 5.1.8. This makes it possible for unauthenticated attackers to take over user accounts and gain highly privileged acces...

9.8CVSS9.4AI score0.00487EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.13 views

Pie Register - Social Sites Login (Add on) < 1.7.8 - Unauthenticated Privilege Escalation

Description The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they ha...

9.8CVSS7.1AI score0.00581EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/21 12:0 a.m.30 views

Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation

Description The plugin is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of th...

9.8CVSS6.6AI score0.02333EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.17 views

Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution

Description The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...

8.8CVSS7.3AI score0.00614EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/15 12:0 a.m.24 views

Tutor LMS Pro < 2.7.1 - Missing Authorization to Privilege Escalation

Description The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, wit...

8.8CVSS6.7AI score0.01023EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/09 12:0 a.m.15 views

Spectra Pro < 1.1.6 - Authenticated (Author+) Privilege Escalation

Description The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for...

8.8CVSS6.8AI score0.00563EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.16 views

EAN for WooCommerce < 4.9.0 - Authenticated (Shop Manager+) Arbitrary Options Update

Description The EAN for WooCommerce plugin for WordPress is vulnerable to arbitrary options updates n all versions up to, and including, 4.8.9. This is due to insufficient restrictions on option values that can be supplied. This makes it possible for authenticated attackers, with Shop Manager-lev...

7.2CVSS6.5AI score0.01095EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.17 views

XStore < 9.3.9 - Subscriber+ Arbitrary Options Update

Description The theme is vulnerable to unauthorized modification of data due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation...

8.8CVSS9.3AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.22 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Unauthenticated Privilege Escalation

Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.3. This is due to the plugin not properly restricting user meta values...

9.8CVSS7.4AI score0.00501EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.19 views

Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation

Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges...

8.8CVSS7.3AI score0.00448EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.13 views

Sirv < 7.2.3 - Missing Authorization to Arbitrary Options Update

Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdismissnotice function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with...

8.8CVSS6.9AI score0.00434EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.12 views

Login with phone number < 1.7.17 - Unauthorized Account Password Change to Privilege Escalation

Description The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated...

8.8CVSS9.5AI score0.00461EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/23 12:0 a.m.17 views

WP Datepicker < 2.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

Description The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS6.9AI score0.00911EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/22 12:0 a.m.16 views

Frontend Admin by DynamiApps < 3.19.5 - Improper Missing Encryption Exception Handling to Form Manipulation

Description The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms...

9.8CVSS7AI score0.00815EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/19 12:0 a.m.22 views

User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possib...

8.8CVSS6.9AI score0.00938EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.13 views

s2Member < 240325 - Limited Privilege Escalation

Description The plugin is vulnerable to limited privilege escalation in versions up to, and including, 240315. This is due to insufficient controls during user registration. This makes it possible for unauthenticated attackers to register with higher than the default permissions...

7.5CVSS9.5AI score0.00417EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/12 12:0 a.m.17 views

Demo My WordPress < 1.1.0 - Unauthenticated Privilege Escalation

Description The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insufficient verification on privilege assignment. This makes it possible for unauthenticated attackers to gain elevated access to a vulnerabl...

9.8CVSS7.5AI score0.00501EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder