Lucene search
K

5260 matches found

Vulnrichment
Vulnrichment
added 2024/08/03 11:37 a.m.14 views

CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update

The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...

4.3CVSS6.7AI score0.00323EPSS
Exploits0References3
OSV
OSV
added 2024/08/03 9:15 a.m.5 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

8.8CVSS5.7AI score
Exploits0References4
NVD
NVD
added 2024/08/03 9:15 a.m.55 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

8.8CVSS0.00624EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/08/03 8:36 a.m.31 views

CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

7.5CVSS6.5AI score0.00624EPSS
Exploits0References3
CVE
CVE
added 2024/08/03 8:36 a.m.42 views

CVE-2024-7031

The CVE-2024-7031 entry concerns the WordPress File Manager Pro – Filester plugin. A missing capability check in njt_fs_saveSettingRestrictions allows authenticated users, granted permissions by an Administrator, to modify plugin settings related to user role restrictions and uploads (e.g., enabl...

8.8CVSS7.3AI score0.00624EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/08/03 8:36 a.m.47 views

CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

7.5CVSS0.00624EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.11 views

PT-2024-38037 · WordPress · File Manager Pro – Filester

Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.2 Description: The issue allows authenticated attackers with granted permissions by an Administrator to update plugin settings for user role restrictions. Thi...

8.8CVSS7AI score0.00624EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/08/03 12:0 a.m.6 views

PT-2024-37815 · WordPress · Sync Post With Other Site

Name of the Vulnerable Software and Affected Versions: Sync Post With Other Site plugin for WordPress versions up to, and including, 1.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to create new draft posts and update existing posts due to a missin...

4.3CVSS7AI score0.00323EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.4 views

PT-2024-18246 · WordPress · Adfoxly

Name of the Vulnerable Software and Affected Versions: AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress versions up to, and including, 1.8.5 Description: The issue allows unauthorized modification of data due to a missing capability check on the adfoxly ad status function. This...

7.3AI score
Exploits0References3
NVD
NVD
added 2024/07/31 11:15 a.m.36 views

CVE-2024-7135

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getfile' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with...

6.5CVSS0.0269EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/07/31 8:30 a.m.17 views

CVE-2024-2508 WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...

5.3CVSS0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.3 views

PT-2024-20731 · WordPress · Wp Mobile Menu

Name of the Vulnerable Software and Affected Versions: WP Mobile Menu plugin for WordPress versions up to, and including, 2.8.4.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the save menu item icon function. This makes it possible for...

5.3CVSS7.1AI score0.0036EPSS
Exploits0References5
NVD
NVD
added 2024/07/27 9:15 a.m.41 views

CVE-2024-6458

The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcptpresetsduplicatepresettotable function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with...

6.4CVSS0.00292EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 2:15 a.m.22 views

CVE-2024-1804

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS0.00323EPSS
Exploits0References3
NVD
NVD
added 2024/07/27 2:15 a.m.30 views

CVE-2024-6431

The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...

8.8CVSS0.00786EPSS
Exploits0References2
OSV
OSV
added 2024/07/27 2:15 a.m.8 views

CVE-2024-1804

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2024/07/27 2:15 a.m.26 views

CVE-2024-1798

The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...

5.3CVSS0.00411EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/27 1:51 a.m.273 views

CVE-2024-6431 Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...

8.8CVSS0.00786EPSS
Exploits0References2
CVE
CVE
added 2024/07/27 1:51 a.m.81 views

CVE-2024-6431

CVE-2024-6431 concerns the WordPress plugin Media.net Ads Manager up to version 2.10.13 . The issue is an arbitrary file upload caused by missing file-type validation and a missing capability check in the plugin’s sendMail function. The vulnerability requires an authenticated user with subscriber...

8.8CVSS8.9AI score0.00786EPSS
Exploits0References2
CVE
CVE
added 2024/07/27 1:51 a.m.43 views

CVE-2024-1804

The CVE-2024-1804 issue affects the WordPress plugin Tutor LMS – Migration Tool, affecting all versions up to 2.2.0. Root cause: missing capability check in tutor_import_from_xml allows authenticated users with subscriber-level access or higher to import courses, enabling unauthorized data modifi...

4.3CVSS4.3AI score0.00323EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder