166 matches found
CVE-2024-1324
The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...
CVE-2024-1446
CVE-2024-1446 affects NextScripts: Social Networks Auto-Poster for WordPress. The vulnerability is a Cross-Site Request Forgery on the nxssnap-reposter page that allowed unauthenticated attackers to delete posts/pages via forged admin actions. It affects all versions up to and including 4.4.3. Co...
WordPress Plugin WP Scraper Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2024-3268
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emdformbuilderlitesubmitform function in all versions up to, and including, 3.3.6. This makes it...
CVE-2024-3915
CVE-2024-3915 affects the Swift Framework WordPress plugin (versions up to and including 2.7.31). The root cause is a missing capability check in sf_edit_directory_item(), enabling unauthenticated attackers to modify arbitrary posts/content. Impact per available data is limited to integrity (LOW)...
CVE-2024-3599
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
CVE-2024-1371
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
WordPress Meta Box plugin < 5.9.4 - Contributor+ Arbitrary Posts Custom Field Disclosure vulnerability
Contributor+ Arbitrary Posts Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions 5.9.4...
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts...
CVE-2024-1732
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
CVE-2024-1732
CVE-2024-1732: The Sharkdropship Dropshipping & Affiliate for AliExpress WordPress plugin is vulnerable to unauthenticated data loss via a missing capability check in wads_removeProductFromShop(), affecting all versions up to 2.2.4. Impact is unauthorized deletion of posts; CVSS indicates networ...
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description: The plugin does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...
CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it possible for...
CVE-2024-1125 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...
CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...