Lucene search

5257 matches found

Positive Technologies
added 2024/07/20 12:0 a.m. · 6 views

PT-2024-37665 · WordPress · Getwid

Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.10
Description: The issue allows unauthorized modification of data due to a missing capability check on the mailchimp api key manage function. This makes it...

CVSS 4.3 · AI score 6.5 · EPSS 0.00378
Exploits: 0 · References: 8

Positive Technologies
added 2024/07/20 12:0 a.m. · 5 views

PT-2024-37765

Name of the Vulnerable Software and Affected Versions: WooCommerce - Social Login plugin for WordPress versions up to, and including, 2.7.3
Description: The issue allows unauthorized modification of data due to a missing capability check on the woo slg login email function. This enables...

CVSS 9.8 · AI score 5.9 · EPSS 0.00518
Exploits: 0 · References: 7

NVD
added 2024/07/19 8:15 a.m. · 21 views

CVE-2024-6799

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for...

CVSS 4.3 · EPSS 0.0033
Exploits: 0 · References: 5

Vulnrichment
added 2024/07/19 7:36 a.m. · 13 views

CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for...

CVSS 4.3 · AI score 6.5 · EPSS 0.0033
Exploits: 0 · References: 5

Cvelist
added 2024/07/19 7:36 a.m. · 21 views

CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation

The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for...

CVSS 4.3 · EPSS 0.0033
Exploits: 0 · References: 5

CVE
added 2024/07/19 7:36 a.m. · 54 views

CVE-2024-6799

CVE-2024-6799 affects YITH Essential Kit for WooCommerce #1 (WordPress) and, per connected sources, versions up to 2.34.0 are vulnerable due to a missing capability check in activate_module, deactivate_module, and install_module. This allows authenticated users with Subscriber+ privileges to inst...

CVSS 4.3 · AI score 4.3 · EPSS 0.0033
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2024/07/18 10:15 p.m. · 12 views

CVE-2024-5997

The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicateuser and duplicatepost functions in all versions up to, and including, 0.6. This makes it possible for authenticate...

CVSS 4.3 · EPSS 0.00365
Exploits: 0 · References: 3

CVE
added 2024/07/18 9:32 p.m. · 42 views

CVE-2024-5997

CVE-2024-5997 affects the WordPress plugin Duplica (versions

CVSS 4.3 · AI score 4.7 · EPSS 0.00365
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/18 12:0 a.m. · 5 views

PT-2024-37747 · WordPress · Meks Video Importer

Name of the Vulnerable Software and Affected Versions: Meks Video Importer plugin for WordPress versions up to, and including, 1.0.11
Description: The issue arises from a missing capability check on the ajax save settings function, allowing authenticated attackers with Subscriber-level access and...

CVSS 4.3 · AI score 6.3 · EPSS 0.00325
Exploits: 0 · References: 6

NVD
added 2024/07/17 8:15 a.m. · 28 views

CVE-2024-5703

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated...

CVSS 4.3 · EPSS 0.00378
Exploits: 0 · References: 3

CVE
added 2024/07/17 7:32 a.m. · 80 views

CVE-2024-5703

CVE-2024-5703 affects the WordPress plugin Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce (versions up to 5.7.26). The issue is a missing capability check that permits unauthorized API access to the plugin’s API (if enabled) by ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00378
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2024/07/17 7:15 a.m. · 24 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

CVSS 4.3 · EPSS 0.00362
Exploits: 0 · References: 3

NVD
added 2024/07/17 7:15 a.m. · 17 views

CVE-2024-6660

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all...

CVSS 8.8 · EPSS 0.00621
Exploits: 0 · References: 5

OSV
added 2024/07/17 7:15 a.m. · 6 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 5.8 · EPSS 0.00362
Exploits: 0 · References: 3

CVE
added 2024/07/17 6:45 a.m. · 56 views

CVE-2024-6660

BookingPress (Appointment Booking Calendar Plugin for WordPress) is affected up to version 1.1.5. The vulnerability stems from a missing capability check in the bookingpress_import_data_continue_process_func and publicly accessible nonce on the frontend, allowing authenticated users with Subscri...

CVSS 8.8 · AI score 8.8 · EPSS 0.00621
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/07/17 6:45 a.m. · 20 views

CVE-2024-6660 BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload

The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all...

CVSS 8.8 · AI score 7.3 · EPSS 0.00621
Exploits: 0 · References: 5

Vulnrichment
added 2024/07/17 6:45 a.m. · 11 views

CVE-2024-6033 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 6.5 · EPSS 0.00362
Exploits: 0 · References: 3

Cvelist
added 2024/07/17 6:45 a.m. · 35 views

CVE-2024-6033 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

CVSS 4.3 · EPSS 0.00362
Exploits: 0 · References: 3

Positive Technologies
added 2024/07/17 12:0 a.m. · 8 views

PT-2024-37083 · Icegram Express · Email Subscribers

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.26
Description: The issue is related to unauthorized API access due to a missing capability...

CVSS 4.3 · AI score 6.7 · EPSS 0.00378
Exploits: 0 · References: 8

Positive Technologies
added 2024/07/17 12:0 a.m. · 3 views

PT-2024-37783 · WordPress · Bookingpress – Appointment Booking Calendar Plugin/Online Scheduling Plugin

Name of the Vulnerable Software and Affected Versions: The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress versions up to, and including, 1.1.5
Description: The issue allows unauthorized modification of data, leading to privilege escalation due...

CVSS 8.8 · AI score 7.3 · EPSS 0.00621
Exploits: 0 · References: 10