5257 matches found
PT-2024-37743 · WordPress · The Ultimate Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Auction Plugin versions prior to 4.2.7 Description: The issue allows unauthorized email creation and sending due to a missing capability check on the send auction email callback and resend auction email callback...
PT-2024-37642 · WordPress · Woocommerce Product Table Lite
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Table Lite plugin for WordPress versions up to, and including, 3.5.1 Description: The issue allows authenticated attackers with subscriber access and above to modify post titles of arbitrary posts due to a missing capabili...
CVE-2024-6836
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and...
CVE-2024-5861
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpepsquaredisconnect function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect squar...
CVE-2024-5861
CVE-2024-5861 affects the WordPress plugin WP EasyPay – Square for WordPress (versions
CVE-2024-6755
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete...
CVE-2024-6755
The CVE-2024-6755 entry concerns the WordPress Social Auto Poster plugin (versions up to and including 5.3.14) suffering from a missing capability check in wpw_auto_poster_quick_delete_multiple, enabling unauthenticated actors to delete arbitrary posts. The connected data corroborates the root ca...
PT-2024-37851 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to a missing capability check on the wpw_auto_poster_quick_delete_multiple function, allowing unauthenticated attackers to delete...
CVE-2024-6636
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...
CVE-2024-6636
CVE-2024-6636 affects the WooCommerce – Social Login plugin for WordPress up to version 2.7.3. The issue is a missing capability check in the woo_slg_login_email function, allowing unauthenticated attackers to modify data by changing the default user role to Administrator during registration. Pro...
CVE-2024-6636 WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role ...
CVE-2024-6491
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-6489
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6489 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getgoogleapikey function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access a...
CVE-2024-6491 Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimpapikeymanage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level...
PT-2024-37663 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the get google api key function. This makes it possible...