Lucene search
+L

276 matches found

Vulnrichment
Vulnrichment
added 2025/01/07 7:22 a.m.5 views

CVE-2024-12202 Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax

The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...

8.8CVSS7.4AI score0.00523EPSS
Exploits0References2
CVE
CVE
added 2025/01/07 6:40 a.m.55 views

CVE-2024-11725

CVE-2024-11725 concerns the SMS Alert Order Notifications – WooCommerce WordPress plugin. Wordfence reports a missing capability check in updateWcWarrantySettings() across all versions up to and including 3.7.6, allowing authenticated attackers with subscriber-level access or higher to modify arb...

8.8CVSS8.8AI score0.00503EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/12/12 5:24 a.m.27 views

CVE-2024-12059 ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read

The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the elioptionvalue shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...

4.3CVSS0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/12/12 12:37 a.m.4 views

WordPress HQ Rental Software plugin <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin HQ Rental Software versions = 1.5.29...

8.8CVSS7AI score0.00377EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/04 3:22 p.m.13 views

CVE-2024-11643 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessiblesavesettings' function in all versions up to, and including, 1.3.4. This makes it possible for...

8.8CVSS7.4AI score0.0072EPSS
Exploits0References3
CVE
CVE
added 2024/12/04 3:22 p.m.60 views

CVE-2024-11643

The CVE-2024-11643 entry concerns the WordPress plugin Accessibility by AllAccessible up to version 1.3.4. The connected sources confirm a missing capability check in AllAccessible_save_settings that lets authenticated users with Subscriber+ privileges modify arbitrary options, enabling privilege...

8.8CVSS8.8AI score0.0072EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/04 3:22 p.m.44 views

CVE-2024-11643 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessiblesavesettings' function in all versions up to, and including, 1.3.4. This makes it possible for...

8.8CVSS0.0072EPSS
Exploits0References3
OSV
OSV
added 2024/11/22 6:15 a.m.5 views

CVE-2024-11601

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...

8.1CVSS5.7AI score0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/22 5:33 a.m.26 views

CVE-2024-11601 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...

8.1CVSS0.00314EPSS
Exploits0References4
CVE
CVE
added 2024/11/22 5:33 a.m.62 views

CVE-2024-11601

CVE-2024-11601 affects Sky Addons for Elementor (WordPress) up to version 2.6.1, due to missing nonce validation in save_options(), enabling CSRF that could let unauthenticated attackers modify options by tricking an administrator. A fix is available in 2.6.2; upgrade to that version or apply ven...

8.1CVSS7.8AI score0.00314EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/22 5:33 a.m.14 views

CVE-2024-11601 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...

8.1CVSS6.6AI score0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/22 5:33 a.m.30 views

CVE-2024-11104 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the saveoptions...

8.1CVSS0.00666EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/11/21 10:23 p.m.5 views

WordPress Sky Addons for Elementor plugin <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin Sky Addons for Elementor versions = 2.6.2...

8.1CVSS7AI score0.00666EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/11/21 4:19 p.m.108 views

Exploit for CVE-2024-52382

CVE-2024-52382 Matix Popup Builder = 1.0.0 - Unauthenticat...

9.8CVSS9.6AI score0.00955EPSS
Exploits1
NVD
NVD
added 2024/11/19 12:15 p.m.18 views

CVE-2024-11194

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...

8.8CVSS0.00548EPSS
Exploits0References4
CVE
CVE
added 2024/11/19 11:32 a.m.59 views

CVE-2024-11194

CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions

8.8CVSS8.8AI score0.00548EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/11/19 1:6 a.m.3 views

WordPress Classified Listing plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update vulnerability

Authenticated Subscriber+ Limited Arbitrary Option Update vulnerability discovered by vgo0 in WordPress Plugin Classified Listing versions = 3.1.15.1...

8.8CVSS7AI score0.00548EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/11/09 8:15 a.m.11 views

CVE-2024-10589

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

9.8CVSS0.00473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/09 7:35 a.m.15 views

CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

9.8CVSS7.4AI score0.00473EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/09 7:35 a.m.27 views

CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

9.8CVSS0.00473EPSS
Exploits0References2
Rows per page
Query Builder