
166 matches found

NVD
added 2024/06/01 7:15 a.m. | 12 views

CVE-2024-1324

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...

CVSS 5.3 | AI score 5.5 | EPSS 0.00349
Exploits 0 | References 2
CVE
added 2024/05/22 6:50 a.m. | 69 views

CVE-2024-1446

CVE-2024-1446 affects NextScripts: Social Networks Auto-Poster for WordPress. The vulnerability is a Cross-Site Request Forgery on the nxssnap-reposter page that allowed unauthenticated attackers to delete posts/pages via forged admin actions. It affects all versions up to and including 4.4.3. Co...

CVSS 5.4 | AI score 5.6 | EPSS 0.00181
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2024/05/22 12:0 a.m. | 4 views

WordPress Plugin WP Scraper Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 4.3 | AI score 6.5 | EPSS 0.00343
Exploits 0 | References 3
OSV
added 2024/05/21 12:15 p.m. | 3 views

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emdformbuilderlitesubmitform function in all versions up to, and including, 3.3.6. This makes it...

CVSS 5.3 | AI score 5.9 | EPSS 0.00326
Exploits 0 | References 2
CVE
added 2024/05/09 8:3 p.m. | 68 views

CVE-2024-3915

CVE-2024-3915 affects the Swift Framework WordPress plugin (versions up to and including 2.7.31). The root cause is a missing capability check in sf_edit_directory_item(), enabling unauthenticated attackers to modify arbitrary posts/content. Impact per available data is limited to integrity (LOW)...

CVSS 5.3 | AI score 6.7 | EPSS 0.00377
Exploits 0 | References 2
NVD
added 2024/05/02 5:15 p.m. | 14 views

CVE-2024-3599

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.2 | EPSS 0.0053
Exploits 0 | References 2
Cvelist
added 2024/05/02 4:52 p.m. | 19 views

CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.4 | EPSS 0.0053
Exploits 0 | References 2
NVD
added 2024/04/30 3:15 a.m. | 12 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 6.7 | EPSS 0.00587
Exploits 0 | References 3
Cvelist
added 2024/04/30 2:35 a.m. | 25 views

CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 6.8 | EPSS 0.00587
Exploits 0 | References 3
Vulnrichment
added 2024/04/30 2:35 a.m. | 15 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 7.1 | EPSS 0.00587
Exploits 0 | References 3
Patchstack
added 2024/04/15 11:55 a.m. | 8 views

WordPress Meta Box plugin < 5.9.4 - Contributor+ Arbitrary Posts Custom Field Disclosure vulnerability

Contributor+ Arbitrary Posts Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions 5.9.4...

CVSS 4.3 | AI score 8.5 | EPSS 0.00501
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2024/04/15 5:0 a.m. | 23 views

CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...

AI score 6.8 | EPSS 0.00501
Exploits 2 | References 1
NVD
added 2024/04/02 10:15 a.m. | 12 views

CVE-2024-1732

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVSS 5.3 | AI score 5.2 | EPSS 0.00397
Exploits 0 | References 2
Cvelist
added 2024/04/02 9:32 a.m. | 18 views

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

CVSS 5.3 | AI score 5.5 | EPSS 0.00397
Exploits 0 | References 2
CVE
added 2024/04/02 9:32 a.m. | 57 views

CVE-2024-1732

CVE-2024-1732: The Sharkdropship Dropshipping & Affiliate for AliExpress WordPress plugin is vulnerable to unauthenticated data loss via a missing capability check in wads_removeProductFromShop(), affecting all versions up to 2.2.4. Impact is unauthorized deletion of posts; CVSS indicates networ...

CVSS 5.3 | AI score 9.1 | EPSS 0.00397
Exploits 0 | References 2
wpexploit
added 2024/03/25 12:0 a.m. | 142 views

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description: The plugin does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

AI score 6.8 | EPSS 0.00501
Exploits 2 | References 1
Cvelist
added 2024/03/13 3:26 p.m. | 20 views

CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk

The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it possible for...

CVSS 4.3 | AI score 4.6 | EPSS 0.00303
Exploits 0 | References 3
Cvelist
added 2024/03/09 7:1 a.m. | 18 views

CVE-2024-1125 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...

CVSS 5.4 | AI score 6.4 | EPSS 0.00324
Exploits 0 | References 2
Cvelist
added 2024/03/09 7:1 a.m. | 17 views

CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...

CVSS 6.5 | AI score 6.4 | EPSS 0.0041
Exploits 0 | References 2
WPVulnDB
added 2024/03/08 12:0 a.m. | 14 views

EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite

Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...

CVSS 6.5 | AI score 6.7 | EPSS 0.0041
Exploits 0 | References 1 | Affected Software 1