5261 matches found
CVE-2024-5987 WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...
CVE-2024-7856
CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...
CVE-2024-8195
CVE-2024-8195 affects the Permalink Manager Lite WordPress plugin. Root cause: missing capability checks on debug_data, debug_query, and debug_redirect in all versions up to 2.4.4. Impact: unauthenticated attackers could access sensitive data, including passwords, titles, and content of password-...
CVE-2024-7447
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...
CVE-2024-7447
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...
CVE-2024-7447
CVE-2024-7447 affects the Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). The vulnerability is due to a missing capability check in fnsf_af2_handel_file_upload, affecting all versions up to 3.7.3.2. This allows unauthenticated attackers...
CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...
PT-2024-38357 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on the fnsf af2 handel file upload function. This allows...
PT-2024-38633 · Sonaar · Mp3 Audio Player – Music Player
Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.7.0.1 Description: The issue is related to unauthorized arbitrary file deletion due to a missing capability check on t...
PT-2024-37295 · WordPress · Wp Accessibility Helper
Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...
PT-2024-37196 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue allows unauthorized loss of data due to a missing capability check on the af2 handel file remove AJAX action. This makes it possible for...
CVE-2024-8199
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...
CVE-2024-6631
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2024-6631
CVE-2024-6631 affects the ImageRecycle pdf & image compression WordPress plugin (versions
CVE-2024-7258
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion
The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2024-7258
CVE-2024-7258 affects the WooCommerce Google Feed Manager plugin for WordPress (versions
PT-2024-37760 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.14 Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...
PT-2024-38215 · WordPress · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager plugin for WordPress versions 1.0 through 2.8.0 Description: The issue is due to a missing capability check on the wppfm removeFeedFile function, allowing authenticated attackers with Contributor-level access a...