5257 matches found

Vulnrichment
added 2024/08/15 2:30 a.m. · 13 views

CVE-2024-7624 Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation

The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a user's capabilities before allowing them to enable access to the plugin's settings through the...

CVSS 8.1 · AI score 6.8 · EPSS 0.00402
Exploits 0 · References 3
NVD
added 2024/08/12 1:38 p.m. · 14 views

CVE-2024-7621

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processwpfeedbackmiscoptions function in all versions up to, and including, 4.0.2. This makes it possible for...

CVSS 5.4 · EPSS 0.0047
Exploits 0 · References 3
Positive Technologies
added 2024/08/10 12:0 a.m. · 5 views

PT-2024-38458 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: Atarim plugin for WordPress versions prior to 4.0.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the process wpfeedback misc options function...

CVSS 5.4 · AI score 6.8 · EPSS 0.0047
Exploits 0 · References 4
NVD
added 2024/08/08 6:15 a.m. · 14 views

CVE-2024-6824

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...

CVSS 4.3 · EPSS 0.00414
Exploits 0 · References 4
Cvelist
added 2024/08/08 5:31 a.m. · 30 views

CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...

CVSS 4.3 · EPSS 0.00414
Exploits 0 · References 4
OSV
added 2024/08/08 5:15 a.m. · 3 views

CVE-2024-6987

The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 3
NVD
added 2024/08/08 5:15 a.m. · 16 views

CVE-2024-6987

The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · EPSS 0.00346
Exploits 0 · References 3
CVE
added 2024/08/08 4:11 a.m. · 48 views

CVE-2024-6869

CVE-2024-6869 : Falang multilanguage for WordPress is vulnerable up to version 1.3.52 due to missing capability checks, enabling authenticated attackers with Subscriber+ access to update/delete translations and expose the admin email. Wordfence/Red Hat notes indicate a patch is available; remedia...

CVSS 7.1 · AI score 5.2 · EPSS 0.00315
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/08/08 4:11 a.m. · 29 views

CVE-2024-6869 Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure

The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 5.4 · EPSS 0.00315
Exploits 0 · References 3
CVE
added 2024/08/08 4:11 a.m. · 52 views

CVE-2024-6987

The CVE-2024-6987 entry concerns the Orchid Store WordPress theme. The documented root cause is a missing capability check in orchid_store_activate_plugin, enabling unauthorized data modification by authenticated users with Subscriber-level access and above to activate the Addonify Floating Cart ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00346
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/08/08 4:11 a.m. · 20 views

CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation

The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · EPSS 0.00346
Exploits 0 · References 3
Positive Technologies
added 2024/08/08 12:0 a.m. · 4 views

PT-2024-37916 · WordPress · Falang Multilanguage For Wordpress

Name of the Vulnerable Software and Affected Versions: Falang multilanguage for WordPress plugin versions up to, and including, 1.3.52 Description: The issue allows authenticated attackers with Subscriber-level access and above to update and delete translations and expose the administrator email...

CVSS 7.1 · AI score 6.7 · EPSS 0.00315
Exploits 0 · References 8
OSV
added 2024/08/03 12:15 p.m. · 3 views

CVE-2024-6709

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · AI score 5.8 · EPSS 0.00323
Exploits 0 · References 3
NVD
added 2024/08/03 12:15 p.m. · 23 views

CVE-2024-6709

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · EPSS 0.00323
Exploits 0 · References 3
Cvelist
added 2024/08/03 11:37 a.m. · 30 views

CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update

The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

CVSS 4.3 · EPSS 0.00328
Exploits 0 · References 4
CVE
added 2024/08/03 11:37 a.m. · 34 views

CVE-2024-6872

The CVE-2024-6872 entry concerns the WordPress TemplateSpare plugin (≤ 2.4.2). Root cause: missing capability checks in templatespare_activate_required_theme and templatespare_get_theme_status allow authenticated users with Subscriber+ privileges to activate any installed theme and read theme sta...

CVSS 5.4 · AI score 4.3 · EPSS 0.00328
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/08/03 11:37 a.m. · 29 views

CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · EPSS 0.00323
Exploits 0 · References 3
Vulnrichment
added 2024/08/03 11:37 a.m. · 13 views

CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · AI score 6.7 · EPSS 0.00323
Exploits 0 · References 3
NVD
added 2024/08/03 9:15 a.m. · 40 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

CVSS 8.8 · EPSS 0.00624
Exploits 0 · References 4
OSV
added 2024/08/03 9:15 a.m. · 4 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

CVSS 8.8 · AI score 5.7
Exploits 0 · References 4