276 matches found
CVE-2024-12202 Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusicajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with...
CVE-2024-11725
CVE-2024-11725 concerns the SMS Alert Order Notifications – WooCommerce WordPress plugin. Wordfence reports a missing capability check in updateWcWarrantySettings() across all versions up to and including 3.7.6, allowing authenticated attackers with subscriber-level access or higher to modify arb...
CVE-2024-12059 ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the elioptionvalue shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
WordPress HQ Rental Software plugin <= 1.5.29 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability
Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin HQ Rental Software versions = 1.5.29...
CVE-2024-11643 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessiblesavesettings' function in all versions up to, and including, 1.3.4. This makes it possible for...
CVE-2024-11643
The CVE-2024-11643 entry concerns the WordPress plugin Accessibility by AllAccessible up to version 1.3.4. The connected sources confirm a missing capability check in AllAccessible_save_settings that lets authenticated users with Subscriber+ privileges modify arbitrary options, enabling privilege...
CVE-2024-11643 Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessiblesavesettings' function in all versions up to, and including, 1.3.4. This makes it possible for...
CVE-2024-11601
The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...
CVE-2024-11601 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update
The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...
CVE-2024-11601
CVE-2024-11601 affects Sky Addons for Elementor (WordPress) up to version 2.6.1, due to missing nonce validation in save_options(), enabling CSRF that could let unauthenticated attackers modify options by tricking an administrator. A fix is available in 2.6.2; upgrade to that version or apply ven...
CVE-2024-11601 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update
The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect...
CVE-2024-11104 Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
The Sky Addons for Elementor Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the saveoptions...
WordPress Sky Addons for Elementor plugin <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin Sky Addons for Elementor versions = 2.6.2...
Exploit for CVE-2024-52382
CVE-2024-52382 Matix Popup Builder = 1.0.0 - Unauthenticat...
CVE-2024-11194
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...
CVE-2024-11194
CVE-2024-11194 affects the WordPress plugin Classified Listing – Classified ads & Business Directory Plugin (versions
WordPress Classified Listing plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update vulnerability
Authenticated Subscriber+ Limited Arbitrary Option Update vulnerability discovered by vgo0 in WordPress Plugin Classified Listing versions = 3.1.15.1...
CVE-2024-10589
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...
CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...