561 matches found
WordPress WP BASE Booking plugin <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via appexportdb vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP BASE Booking versions = 4.9.2...
WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability
Authenticated Subscriber+ Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WP Project Manager versions = 2.6.15...
WordPress WP Crowdfunding plugin <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation vulnerability
Missing Authorization to Authenticated Subscriber+ WooCommerce Installation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP Crowdfunding versions = 2.1.12...
WordPress Custom Skins Contact Form 7 plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Update and Skin Creation vulnerability discovered by Lucio Sá in WordPress Plugin Custom Skins Contact Form 7 versions = 1.0...
WordPress WPForms plugin 1.8.4-1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation vulnerability
Missing Authorization to Authenticated Subscriber+ Payment Refund and Subscription Cancellation vulnerability discovered by villu164 in WordPress Plugin Contact Form by WPForms versions 1.8.4-1.9.2.1...
WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...
WordPress Gold Addons for Elementor plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation vulnerability
Missing Authorization to Authenticated Subscriber+ License Activation/Deactivation vulnerability discovered by BrokenAC ignore in WordPress Plugin Gold Addons for Elementor versions = 1.3.2...
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions vulnerability
Missing Authorization to Authenticated Subscriber+ Filter Updates/Deletions vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3...
CVE-2024-7747
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...
WordPress WPGYM plugin <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin WPGYM versions = 67.1.0...
WordPress WPDash Notes plugin <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin WPDash Notes versions = 1.3.5...
CVE-2024-11154 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers,...
CVE-2024-10900
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmremovefileattachment function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attacker...
WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Deletion vulnerability discovered by 1337Wannabe in WordPress Plugin ProfileGrid versions = 5.9.3.6...
WordPress Drop Shadow Boxes plugin <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Drop Shadow Boxes versions = 1.7.14...
WordPress Contact Form 7 Telegram plugin <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse vulnerability
Missing Authorization to Authenticated Subscriber+ Subscription Approve/Pause/Refuse vulnerability discovered by István Márton in WordPress Plugin Contact Form 7 Telegram versions = 0.8.5...
PT-2024-16020 · WordPress · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 5.0.12 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization due to a missing capability check on...
PT-2024-39728 · WordPress · Wps Telegram Chat
Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue allows authenticated attackers with subscriber-level access and above to have full access to the Telegram Bot API endpoint and communicate with...
CVE-2024-10079
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...
WordPress SendGrid for WordPress plugin <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Log Deletion vulnerability discovered by Nishiv in WordPress Plugin SendGrid for WordPress versions = 1.4...