5257 matches found
CVE-2024-7030
Summary (CVE-2024-7030) : The WordPress plugin “Smart Online Order for Clover” is vulnerable in all versions up to and including 1.5.6 due to a missing capability check. This enables authenticated attackers with Subscriber-level access and above to modify data such as product/category description...
CVE-2024-7030 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-7030 Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
CVE-2024-5941
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers,...
CVE-2024-5940 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edi...
CVE-2024-5941
CVE-2024-5941 : The GiveWP – Donation Plugin and Fundraising Platform for WordPress is vulnerable in versions up to and including 3.14.1 due to a missing capability check in the handle_request function. This allows authenticated users with Subscriber-level access and above to read attachment path...
CVE-2024-5941 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited File Deletion
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'handlerequest' function in all versions up to, and including, 3.14.1. This makes it possible for authenticated attackers,...
PT-2024-38318 · WordPress · Testimonials Widget
Name of the Vulnerable Software and Affected Versions: WP Testimonial Widget plugin for WordPress versions up to, and including, 3.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function. This allows...
PT-2024-37925 · WordPress · Event Espresso 4 Decaf
Name of the Vulnerable Software and Affected Versions: Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress versions up to, and including, 5.0.22.decaf Description: The issue is related to a missing capability check on the saveTimezoneString and some other functions,...
PT-2024-38038 · WordPress · Smart Online Order For Clover
Name of the Vulnerable Software and Affected Versions: The Smart Online Order for Clover plugin for WordPress versions up to, and including, 1.5.6 Description: The issue is related to a missing capability check on the moo deactivateAndClean function, which allows unauthenticated attackers to...
PT-2024-37255 · WordPress · Givewp
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 3.13.1 Description: The issue allows unauthorized modification of data due to a missing capability check on the handle request function. This makes it possible for...
CVE-2023-4027
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatesettings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2023-4024
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances...
CVE-2023-4025
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances...
CVE-2023-4025
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update player instances...
CVE-2023-4730 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initendpoint function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An...
CVE-2024-6500
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...
CVE-2024-6500 InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parserequest' function in all versions up to, and including, 1.4.0 for InPost for WooCommerce as well as 1.4.4 for InPost PL...
PT-2024-12877 · WordPress · Radio Player
Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it possible for...
PT-2024-13437 · WordPress · Ladiapp
Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to and including 4.3 Description: The issue allows unauthorized modification of data due to a missing capability check on the init endpoint function. This enables unauthenticated attackers to modify...