5260 matches found
CVE-2024-6709 Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update
The Sync Post With Other Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'spsaddupdatepost' function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-7031
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...
CVE-2024-7031
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...
CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...
CVE-2024-7031
The CVE-2024-7031 entry concerns the WordPress File Manager Pro – Filester plugin. A missing capability check in njt_fs_saveSettingRestrictions allows authenticated users, granted permissions by an Administrator, to modify plugin settings related to user role restrictions and uploads (e.g., enabl...
CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update
The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njtfssaveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...
PT-2024-38037 · WordPress · File Manager Pro – Filester
Name of the Vulnerable Software and Affected Versions: File Manager Pro – Filester plugin for WordPress versions up to, and including, 1.8.2 Description: The issue allows authenticated attackers with granted permissions by an Administrator to update plugin settings for user role restrictions. Thi...
PT-2024-37815 · WordPress · Sync Post With Other Site
Name of the Vulnerable Software and Affected Versions: Sync Post With Other Site plugin for WordPress versions up to, and including, 1.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to create new draft posts and update existing posts due to a missin...
PT-2024-18246 · WordPress · Adfoxly
Name of the Vulnerable Software and Affected Versions: AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress versions up to, and including, 1.8.5 Description: The issue allows unauthorized modification of data due to a missing capability check on the adfoxly ad status function. This...
CVE-2024-7135
The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getfile' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with...
CVE-2024-2508 WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification
The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemenuitemicon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the 'mobmenuicon' post meta to...
PT-2024-20731 · WordPress · Wp Mobile Menu
Name of the Vulnerable Software and Affected Versions: WP Mobile Menu plugin for WordPress versions up to, and including, 2.8.4.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the save menu item icon function. This makes it possible for...
CVE-2024-6458
The WooCommerce Product Table Lite plugin for WordPress is vulnerable to unauthorized post title modification due to a missing capability check on the wcptpresetsduplicatepresettotable function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers with...
CVE-2024-1804
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-6431
The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2024-1804
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutorimportfromxml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2024-1798
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutorlpexportxml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including privat...
CVE-2024-6431 Media.net Ads Manager <= 2.10.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
The Media.net Ads Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and missing capability check in the 'sendMail' function in all versions up to, and including, 2.10.13. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2024-6431
CVE-2024-6431 concerns the WordPress plugin Media.net Ads Manager up to version 2.10.13 . The issue is an arbitrary file upload caused by missing file-type validation and a missing capability check in the plugin’s sendMail function. The vulnerability requires an authenticated user with subscriber...
CVE-2024-1804
The CVE-2024-1804 issue affects the WordPress plugin Tutor LMS – Migration Tool, affecting all versions up to 2.2.0. Root cause: missing capability check in tutor_import_from_xml allows authenticated users with subscriber-level access or higher to import courses, enabling unauthorized data modifi...