PT-2024-37332 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions up to, and including, 4.0.4
Description: The issue is related to unauthorized data importation due to a missing capability check on the import file function. This allows authenticated attackers with...
CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...
CVE-2024-6579
The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...
CVE-2024-6579 Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification
The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...
CVE-2024-1937
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...
CVE-2024-1937
CVE-2024-1937 (Brizy – Page Builder for WordPress) affects Brizy up to version 2.4.44. The vulnerability is caused by a missing capability check in the update_item function, allowing authenticated attackers with contributor access and above to modify content of arbitrary published posts, includin...
PT-2024-18436 · WordPress · Brizy
Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.44
Description: The issue allows authenticated attackers with contributor access and above to modify the content of arbitrary published posts due to a missing...
CVE-2024-6465
The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-6465
CVE-2024-6465: The WP Links Page plugin for WordPress allows unauthorized modification of data due to a missing capability check in wplf_ajax_update_screenshots. This affects all versions up to and including 4.9.5. Authenticated attackers with Subscriber-level access and above can regenerate the...
CVE-2024-6465 WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update
The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-0619
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...
CVE-2024-0619 Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...
CVE-2024-0619
CVE-2024-0619 concerns the Payflex Payment Gateway WordPress plugin, where a missing capability check in payment_callback() in all versions up to and including 2.5.0 permits unauthenticated modification of order status. The NVD description notes unauthorized data modification could lead to revenu...
CVE-2024-5677
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-5677 Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-5677
CVE-2024-5677 affects the Featured Image Generator plugin for WordPress. Root cause: missing capability check in fig_save_after_generate_image on all versions up to and including 1.3.1. Impact: allows authenticated attackers with Subscriber-level access and above to upload arbitrary images to a p...
CVE-2024-5992
The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatechatbottoken' and 'updatechatbotposition' functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to...