Lucene search
+L

561 matches found

patchstack
patchstack
added 2024/12/20 9:10 p.m.7 views

WordPress WP BASE Booking plugin <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via app_export_db vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure via appexportdb vulnerability discovered by Thanh Nam Tran in WordPress Plugin WP BASE Booking versions = 4.9.2...

6.5CVSS6.9AI score0.01194EPSS
Exploits1References1Affected Software1
patchstack
patchstack
added 2024/12/19 9:8 p.m.7 views

WordPress WP Project Manager plugin <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability

Authenticated Subscriber+ Sensitive Information Exposure via Project Task List REST API vulnerability discovered by Noah Stead TurtleBurg in WordPress Plugin WP Project Manager versions = 2.6.15...

6.5CVSS7AI score0.00392EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/12 9:17 p.m.4 views

WordPress WP Crowdfunding plugin <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation vulnerability

Missing Authorization to Authenticated Subscriber+ WooCommerce Installation vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP Crowdfunding versions = 2.1.12...

4.3CVSS7AI score0.00273EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/12 12:20 a.m.8 views

WordPress Custom Skins Contact Form 7 plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Post Update and Skin Creation vulnerability discovered by Lucio Sá in WordPress Plugin Custom Skins Contact Form 7 versions = 1.0...

4.3CVSS7AI score0.00356EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/09 5:5 p.m.7 views

WordPress WPForms plugin 1.8.4-1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Payment Refund and Subscription Cancellation vulnerability discovered by villu164 in WordPress Plugin Contact Form by WPForms versions 1.8.4-1.9.2.1...

8.5CVSS7AI score0.00738EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/06 1:10 p.m.6 views

WordPress SMS for Lead Capture Forms plugin <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Message Deletion vulnerability discovered by Mika in WordPress Plugin SMS for Lead Capture Forms versions = 1.1.0...

4.3CVSS7AI score0.00304EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/05 10:42 p.m.3 views

WordPress Gold Addons for Elementor plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation vulnerability

Missing Authorization to Authenticated Subscriber+ License Activation/Deactivation vulnerability discovered by BrokenAC ignore in WordPress Plugin Gold Addons for Elementor versions = 1.3.2...

4.3CVSS7AI score0.00267EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/12/05 10:32 p.m.3 views

WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions vulnerability

Missing Authorization to Authenticated Subscriber+ Filter Updates/Deletions vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Message Filter for Contact Form 7 versions = 1.6.3...

4.3CVSS7AI score0.00327EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/11/28 1:15 p.m.5 views

CVE-2024-7747

The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with...

6.5CVSS7.3AI score0.00483EPSS
Exploits0References3
patchstack
patchstack
added 2024/11/25 10:56 a.m.5 views

WordPress WPGYM plugin <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability

Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin WPGYM versions = 67.1.0...

8.8CVSS7AI score0.00582EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/11/22 9:4 p.m.6 views

WordPress WPDash Notes plugin <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin WPDash Notes versions = 1.3.5...

4.3CVSS6.9AI score0.00358EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/11/20 1:55 p.m.6 views

CVE-2024-11154 PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers,...

4.3CVSS7.2AI score0.00353EPSS
Exploits0References6
osv
osv
added 2024/11/20 7:15 a.m.3 views

CVE-2024-10900

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmremovefileattachment function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attacker...

8.1CVSS7.4AI score0.00464EPSS
Exploits0References3
patchstack
patchstack
added 2024/11/19 8:6 p.m.6 views

WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary User Meta Deletion vulnerability discovered by 1337Wannabe in WordPress Plugin ProfileGrid versions = 5.9.3.6...

8.1CVSS7AI score0.00464EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/11/15 9:41 p.m.7 views

WordPress Drop Shadow Boxes plugin <= 1.7.14 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Drop Shadow Boxes versions = 1.7.14...

6.3CVSS7.1AI score0.00581EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/10/28 8:12 a.m.8 views

WordPress Contact Form 7 Telegram plugin <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Approve/Pause/Refuse vulnerability discovered by István Márton in WordPress Plugin Contact Form 7 Telegram versions = 0.8.5...

5.4CVSS7AI score0.00372EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/10/26 12:0 a.m.6 views

PT-2024-16020 · WordPress · Download Monitor

Name of the Vulnerable Software and Affected Versions: Download Monitor plugin for WordPress versions up to, and including, 5.0.12 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization due to a missing capability check on...

4.3CVSS6.6AI score0.0044EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/10/25 12:0 a.m.17 views

PT-2024-39728 · WordPress · Wps Telegram Chat

Name of the Vulnerable Software and Affected Versions: WPS Telegram Chat plugin for WordPress versions up to, and including, 4.5.4 Description: The issue allows authenticated attackers with subscriber-level access and above to have full access to the Telegram Bot API endpoint and communicate with...

6.5CVSS6.4AI score0.00267EPSS
Exploits0References5
osv
osv
added 2024/10/18 8:15 a.m.4 views

CVE-2024-10079

The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...

8.8CVSS6AI score0.00779EPSS
Exploits0References2
patchstack
patchstack
added 2024/10/17 6:5 p.m.6 views

WordPress SendGrid for WordPress plugin <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Log Deletion vulnerability discovered by Nishiv in WordPress Plugin SendGrid for WordPress versions = 1.4...

4.3CVSS7AI score0.00354EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder