Lucene search
K

5261 matches found

Vulnrichment
Vulnrichment
added 2024/08/29 5:30 a.m.15 views

CVE-2024-5987 WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savecontrastvariations' and 'saveemptycontrastvariations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for...

5.4CVSS6.6AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2024/08/29 3:52 a.m.68 views

CVE-2024-7856

CVE-2024-7856 affects the WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar. The root cause is twofold: (1) missing authorization checks in removeTempFiles() and (2) inadequate validation of the file parameter, enabling authenticated users (subscriber level and hi...

8.1CVSS8.8AI score0.18807EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/08/28 1:54 p.m.60 views

CVE-2024-8195

CVE-2024-8195 affects the Permalink Manager Lite WordPress plugin. Root cause: missing capability checks on debug_data, debug_query, and debug_redirect in all versions up to 2.4.4. Impact: unauthenticated attackers could access sensitive data, including passwords, titles, and content of password-...

5.3CVSS5.5AI score0.00532EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/28 12:15 p.m.1 views

CVE-2024-7447

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2024/08/28 12:15 p.m.29 views

CVE-2024-7447

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS0.00402EPSS
Exploits0References3
CVE
CVE
added 2024/08/28 11:31 a.m.60 views

CVE-2024-7447

CVE-2024-7447 affects the Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free (WordPress). The vulnerability is due to a missing capability check in fnsf_af2_handel_file_upload, affecting all versions up to 3.7.3.2. This allows unauthenticated attackers...

5.3CVSS5.7AI score0.00402EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/08/28 11:31 a.m.38 views

CVE-2024-7447 Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'fnsfaf2handelfileupload' function in all versions up to, and including, 3.7.3.2. Th...

5.3CVSS0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.7 views

PT-2024-38357 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on the fnsf af2 handel file upload function. This allows...

5.3CVSS6.8AI score0.00402EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.8 views

PT-2024-38633 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.7.0.1 Description: The issue is related to unauthorized arbitrary file deletion due to a missing capability check on t...

9.1CVSS7.8AI score0.18807EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.9 views

PT-2024-37295 · WordPress · Wp Accessibility Helper

Name of the Vulnerable Software and Affected Versions: WP Accessibility Helper plugin versions prior to 0.6.2.8 Description: The issue allows authenticated attackers with Subscriber-level access and above to edit or delete contrast settings due to a missing capability check on the save contrast...

5.4CVSS6.4AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.5 views

PT-2024-37196 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.7.3.2 Description: The issue allows unauthorized loss of data due to a missing capability check on the af2 handel file remove AJAX action. This makes it possible for...

5.3CVSS7AI score0.00317EPSS
Exploits0References8
OSV
OSV
added 2024/08/27 4:15 p.m.3 views

CVE-2024-8199

The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...

4.3CVSS5.8AI score0.00401EPSS
Exploits0References3
OSV
OSV
added 2024/08/24 3:15 a.m.3 views

CVE-2024-6631

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2024/08/24 2:32 a.m.53 views

CVE-2024-6631

CVE-2024-6631 affects the ImageRecycle pdf & image compression WordPress plugin (versions

5CVSS4.9AI score0.00264EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/08/23 5:15 a.m.13 views

CVE-2024-7258

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...

8.8CVSS0.00775EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/23 4:30 a.m.12 views

CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...

8.8CVSS7.6AI score0.00775EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/23 4:30 a.m.18 views

CVE-2024-7258 WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfmremoveFeedFile' function in all versions up to, and including, 2.8.0. This makes it possible for authenticated attackers, with Contributor-level acces...

8.8CVSS0.00775EPSS
Exploits0References5
CVE
CVE
added 2024/08/23 4:30 a.m.52 views

CVE-2024-7258

CVE-2024-7258 affects the WooCommerce Google Feed Manager plugin for WordPress (versions

8.8CVSS8.7AI score0.00775EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/23 12:0 a.m.5 views

PT-2024-37760 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.14 Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing...

5CVSS6.6AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.5 views

PT-2024-38215 · WordPress · Woocommerce Google Feed Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager plugin for WordPress versions 1.0 through 2.8.0 Description: The issue is due to a missing capability check on the wppfm removeFeedFile function, allowing authenticated attackers with Contributor-level access a...

8.8CVSS7.7AI score0.00775EPSS
Exploits0References19
Rows per page
Query Builder