5257 matches found

Positive Technologies
added 2024/07/27 12:0 a.m. · 4 views

PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin

Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...

CVSS 5.8 · AI score 6.9 · EPSS 0.00401
Exploits 0 · References 5

Positive Technologies
added 2024/07/27 12:0 a.m. · 5 views

PT-2024-37642 · WordPress · Woocommerce Product Table Lite

Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.5.1 Description: The issue allows authenticated attackers with subscriber access and above to modify post titles of arbitrary posts due to a missing capabili...

CVSS 6.4 · AI score 6.1 · EPSS 0.00292
Exploits 0 · References 7

NVD
added 2024/07/24 6:15 a.m. · 27 views

CVE-2024-6836

The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and...

CVSS 4.3 · EPSS 0.00325
Exploits 0 · References 3

NVD
added 2024/07/24 4:15 a.m. · 14 views

CVE-2024-5861

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...

CVSS 6.5 · EPSS 0.00398
Exploits 0 · References 4

OSV
added 2024/07/24 4:15 a.m. · 4 views

CVE-2024-5861

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...

CVSS 6.5 · AI score 5.8 · EPSS 0.00398
Exploits 0 · References 4

CVE
added 2024/07/24 3:17 a.m. · 50 views

CVE-2024-5861

CVE-2024-5861 affects the WordPress plugin WP EasyPay – Square for WordPress (versions

CVSS 6.5 · AI score 5.2 · EPSS 0.00398
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/07/24 3:15 a.m. · 4 views

CVE-2024-6755

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 · AI score 5.9 · EPSS 0.00317
Exploits 0 · References 2

CVE
added 2024/07/24 2:33 a.m. · 54 views

CVE-2024-6755

The CVE-2024-6755 entry concerns the WordPress Social Auto Poster plugin (versions up to and including 5.3.14) suffering from a missing capability check in wpw_auto_poster_quick_delete_multiple, enabling unauthenticated actors to delete arbitrary posts. The connected data corroborates the root ca...

CVSS 6.5 · AI score 6.4 · EPSS 0.00317
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/24 12:0 a.m. · 4 views

PT-2024-37851 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to a missing capability check on the wpw auto poster quick delete multiple function, allowing unauthenticated attackers to delete...

CVSS 6.5 · AI score 7.1 · EPSS 0.00317
Exploits 0 · References 6

OSV
added 2024/07/20 8:15 a.m. · 6 views

CVE-2024-6636

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...

CVSS 9.8 · AI score 5.8 · EPSS 0.00518
Exploits 0 · References 2

NVD
added 2024/07/20 8:15 a.m. · 21 views

CVE-2024-6636

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...

CVSS 9.8 · EPSS 0.00518
Exploits 0 · References 2

CVE
added 2024/07/20 7:38 a.m. · 51 views

CVE-2024-6636

CVE-2024-6636 affects the WooCommerce – Social Login plugin for WordPress up to version 2.7.3. The issue is a missing capability check in the woo_slg_login_email function, allowing unauthenticated attackers to modify data by changing the default user role to Administrator during registration. Pro...

CVSS 9.8 · AI score 9.3 · EPSS 0.00518
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/07/20 7:38 a.m. · 17 views

CVE-2024-6636 WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00518
Exploits 0 · References 2

Cvelist
added 2024/07/20 7:38 a.m. · 35 views

CVE-2024-6636 WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...

CVSS 9.8 · EPSS 0.00518
Exploits 0 · References 2

OSV
added 2024/07/20 7:15 a.m. · 4 views

CVE-2024-6491

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 3

OSV
added 2024/07/20 7:15 a.m. · 5 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.3 · AI score 5.8 · EPSS 0.00298
Exploits 0 · References 2

NVD
added 2024/07/20 7:15 a.m. · 37 views

CVE-2024-6489

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.3 · EPSS 0.00298
Exploits 0 · References 2

Vulnrichment
added 2024/07/20 6:43 a.m. · 11 views

CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...

CVSS 5.3 · AI score 6.4 · EPSS 0.00298
Exploits 0 · References 2

Cvelist
added 2024/07/20 6:43 a.m. · 42 views

CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 4.3 · EPSS 0.00378
Exploits 0 · References 3

Positive Technologies
added 2024/07/20 12:0 a.m. · 4 views

PT-2024-37663 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...

CVSS 5.3 · AI score 6.5 · EPSS 0.00298
Exploits 0 · References 7