5257 matches found
CVE-2024-7624 Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation
The Zephyr Project Manager plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 3.3.101. This is due to the plugin not properly checking a users capabilities before allowing them to enable access to the plugin's settings through the...
CVE-2024-7621
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processwpfeedbackmiscoptions function in all versions up to, and including, 4.0.2. This makes it possible for...
PT-2024-38458 · WordPress · Atarim
Name of the Vulnerable Software and Affected Versions: Atarim plugin for WordPress versions prior to 4.0.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the process wpfeedback misc options function...
CVE-2024-6824
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6869
CVE-2024-6869 : Falang multilanguage for WordPress is vulnerable up to version 1.3.52 due to missing capability checks, enabling authenticated attackers with Subscriber+ access to update/delete translations and expose the admin email. Wordfence/Red Hat notes indicate a patch is available; remedia...
CVE-2024-6869 Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure
The Falang multilanguage for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.3.52. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6987
The CVE-2024-6987 entry concerns the Orchid Store WordPress theme. The documented root cause is a missing capability check in orchid_store_activate_plugin, enabling unauthorized data modification by authenticated users with Subscriber-level access and above to activate the Addonify Floating Cart ...
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2024-37916 · WordPress · Falang Multilanguage For Wordpress
Name of the Vulnerable Software and Affected Versions: Falang multilanguage for WordPress plugin versions up to, and including, 1.3.52 Description: The issue allows authenticated attackers with Subscriber-level access and above to update and delete translations and expose the administrator email...
CVE-2024-6709
The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-6709
The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-6872 Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update
The Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
CVE-2024-6872
The CVE-2024-6872 entry concerns the WordPress TemplateSpare plugin (≤ 2.4.2). Root cause: missing capability checks in templatespare_activate_required_theme and templatespare_get_theme_status allow authenticated users with Subscriber+ privileges to activate any installed theme and read theme sta...
CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update
The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update
The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-7031
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...
CVE-2024-7031
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...