PT-2024-37665 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the mailchimp api key manage function. This makes it...
PT-2024-37765
Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.3 Description: The issue allows unauthorized modification of data due to a missing capability check on the woo slg login email function. This enables...
CVE-2024-6799
The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation
The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for...
CVE-2024-6799
CVE-2024-6799 affects YITH Essential Kit for WooCommerce #1 (WordPress) and, per connected sources, versions up to 2.34.0 are vulnerable due to a missing capability check in activate_module, deactivate_module, and install_module. This allows authenticated users with Subscriber+ privileges to inst...
CVE-2024-5997
The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicateuser and duplicatepost functions in all versions up to, and including, 0.6. This makes it possible for authenticate...
CVE-2024-5997
CVE-2024-5997 affects the WordPress plugin Duplica (versions
PT-2024-37747 · WordPress · Meks Video Importer
Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11 Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...
CVE-2024-5703
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...
CVE-2024-5703
CVE-2024-5703 affects the WordPress plugin Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce (versions up to 5.7.26). The issue is a missing capability check that permits unauthorized API access to the plugin’s API (if enabled) by ...
CVE-2024-6033
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...
CVE-2024-6660
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all...
CVE-2024-6660
BookingPress (Appointment Booking Calendar Plugin for WordPress) is affected up to version 1.1.5. The vulnerability stems from a missing capability check in the bookingpress_import_data_continue_process_func and a publicly accessible nonce on the frontend, allowing authenticated users with Subscri...
CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all...
CVE-2024-6033 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...
PT-2024-37083 · Icegram Express · Email Subscribers
Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.26 Description: The issue is related to unauthorized API access due to a missing capability...
PT-2024-37783 · WordPress · Bookingpress – Appointment Booking Calendar Plugin/Online Scheduling Plugin
Name of the Vulnerable Software and Affected Versions: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthorized modification of data, leading to privilege escalation due...