
5257 matches found

CVE
added 2024/08/21 5:30 a.m. | 49 views

CVE-2024-7030

Summary (CVE-2024-7030) : The WordPress plugin “Smart Online Order for Clover” is vulnerable in all versions up to and including 1.5.6 due to a missing capability check. This enables authenticated attackers with Subscriber-level access and above to modify data such as product/category description...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00353
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/08/21 5:30 a.m. | 22 views

CVE-2024-7030 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS: 4.3 | EPSS: 0.00353
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/21 5:30 a.m. | 10 views

CVE-2024-7030 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00353
Exploits: 0 | References: 4

OSV
added 2024/08/20 2:15 a.m. | 5 views

CVE-2024-5941

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers,...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00389
Exploits: 0 | References: 3

Cvelist
added 2024/08/20 2:3 a.m. | 18 views

CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edi...

CVSS: 6.5 | EPSS: 0.00466
Exploits: 0 | References: 4

CVE
added 2024/08/20 2:3 a.m. | 54 views

CVE-2024-5941

CVE-2024-5941 : The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable in versions up to and including 3.14.1 due to a missing capability check in the handle_request function. This allows authenticated users with Subscriber-level access and above to read attachment path...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00389
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2024/08/20 2:3 a.m. | 12 views

CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers,...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00389
Exploits: 0 | References: 3

Positive Technologies
added 2024/08/20 12:0 a.m. | 6 views

PT-2024-38318 · WordPress · Testimonials Widget

Name of the Vulnerable Software and Affected Versions: WP Testimonial Widget plugin for WordPress versions up to, and including, 3.0
Description: The issue is related to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function. This allows...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00339
Exploits: 0 | References: 8

Positive Technologies
added 2024/08/20 12:0 a.m. | 3 views

PT-2024-37925 · WordPress · Event Espresso 4 Decaf

Name of the Vulnerable Software and Affected Versions: Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress versions up to, and including, 5.0.22.decaf
Description: The issue is related to a missing capability check on the saveTimezoneString and some other functions,...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.00282
Exploits: 0 | References: 7

Positive Technologies
added 2024/08/20 12:0 a.m. | 9 views

PT-2024-38038 · WordPress · Smart Online Order For Clover

Name of the Vulnerable Software and Affected Versions: The Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.6
Description: The issue is related to a missing capability check on the moo deactivateAndClean function, which allows unauthenticated attackers to...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00482
Exploits: 0 | References: 9

Positive Technologies
added 2024/08/19 12:0 a.m. | 5 views

PT-2024-37255 · WordPress · Givewp

Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 3.13.1
Description: The issue allows unauthorized modification of data due to a missing capability check on the handle request function. This makes it possible for...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00466
Exploits: 0 | References: 11

OSV
added 2024/08/17 8:15 a.m. | 4 views

CVE-2023-4027

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesettings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0041
Exploits: 0 | References: 4

OSV
added 2024/08/17 8:15 a.m. | 3 views

CVE-2023-4024

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00411
Exploits: 0 | References: 4

NVD
added 2024/08/17 8:15 a.m. | 16 views

CVE-2023-4025

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances...

CVSS: 5.3 | EPSS: 0.0041
Exploits: 0 | References: 4

OSV
added 2024/08/17 8:15 a.m. | 3 views

CVE-2023-4025

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0041
Exploits: 0 | References: 4

Vulnrichment
added 2024/08/17 7:34 a.m. | 19 views

CVE-2023-4730 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00458
Exploits: 0 | References: 4

NVD
added 2024/08/17 3:15 a.m. | 26 views

CVE-2024-6500

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...

CVSS: 10 | EPSS: 0.00983
Exploits: 0 | References: 7

Cvelist
added 2024/08/17 2:31 a.m. | 23 views

CVE-2024-6500 InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete

The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...

CVSS: 10 | EPSS: 0.00983
Exploits: 0 | References: 7

Positive Technologies
added 2024/08/17 12:0 a.m. | 5 views

PT-2024-12877 · WordPress · Radio Player

Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73
Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it possible for...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.0041
Exploits: 0 | References: 8

Positive Technologies
added 2024/08/17 12:0 a.m. | 4 views

PT-2024-13437 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to and including 4.3
Description: The issue allows unauthorized modification of data due to a missing capability check on the init endpoint function. This enables unauthenticated attackers to modify...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00458
Exploits: 0 | References: 7