5257 matches found

Positive Technologies
added 2024/07/17 12:0 a.m. · 4 views

PT-2024-37332 · WordPress · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions up to, and including, 4.0.4
Description: The issue is related to unauthorized data importation due to a missing capability check on the import file function. This allows authenticated attackers with...

CVSS 4.3 · AI score 6.6 · EPSS 0.00362
Exploits 0 · References 8

Cvelist
added 2024/07/16 11:0 a.m. · 19 views

CVE-2024-6621 WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update

The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wprssactivatefeedsource' and 'wprsspausefeedsource' functions in all versions up to, and including, 4.23.11...

CVSS 4.3 · EPSS 0.0039
Exploits 0 · References 4

NVD
added 2024/07/16 10:15 a.m. · 14 views

CVE-2024-6579

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00362
Exploits 0 · References 4

Cvelist
added 2024/07/16 9:32 a.m. · 22 views

CVE-2024-6579 Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 · EPSS 0.00362
Exploits 0 · References 4

NVD
added 2024/07/16 9:15 a.m. · 25 views

CVE-2024-1937

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 7.1 · EPSS 0.00365
Exploits 0 · References 2

OSV
added 2024/07/16 9:15 a.m. · 6 views

CVE-2024-1937

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00365
Exploits 0 · References 2

CVE
added 2024/07/16 8:32 a.m. · 94 views

CVE-2024-1937

CVE-2024-1937 (Brizy – Page Builder for WordPress) affects Brizy up to version 2.4.44. The vulnerability is caused by a missing capability check in the update_item function, allowing authenticated attackers with contributor access and above to modify content of arbitrary published posts, includin...

CVSS 7.1 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 6 views

PT-2024-18436 · WordPress · Brizy

Name of the Vulnerable Software and Affected Versions: Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.44
Description: The issue allows authenticated attackers with contributor access and above to modify the content of arbitrary published posts due to a missing...

CVSS 7.1 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 6

NVD
added 2024/07/13 12:15 p.m. · 19 views

CVE-2024-6465

The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · EPSS 0.00385
Exploits 0 · References 3

CVE
added 2024/07/13 11:19 a.m. · 64 views

CVE-2024-6465

CVE-2024-6465: The WP Links Page plugin for WordPress allows unauthorized modification of data due to a missing capability check in wplf_ajax_update_screenshots. This affects all versions up to and including 4.9.5. Authenticated attackers with Subscriber-level access and above can regenerate the...

CVSS 4.3 · AI score 4.7 · EPSS 0.00385
Exploits 0 · References 3

Vulnrichment
added 2024/07/13 11:19 a.m. · 9 views

CVE-2024-6465 WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update

The WP Links Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplf_ajax_update_screenshots' function in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00385
Exploits 0 · References 3

OSV
added 2024/07/11 4:15 a.m. · 2 views

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2

NVD
added 2024/07/11 4:15 a.m. · 23 views

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

CVSS 5.3 · EPSS 0.00402
Exploits 0 · References 3

Vulnrichment
added 2024/07/11 3:33 a.m. · 19 views

CVE-2024-0619 Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

CVSS 5.3 · AI score 6.8 · EPSS 0.00402
Exploits 0 · References 2

Cvelist
added 2024/07/11 3:33 a.m. · 23 views

CVE-2024-0619 Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

CVSS 5.3 · EPSS 0.00402
Exploits 0 · References 2

CVE
added 2024/07/11 3:33 a.m. · 49 views

CVE-2024-0619

CVE-2024-0619 concerns the Payflex Payment Gateway WordPress plugin, where a missing capability check in payment_callback() in all versions up to and including 2.5.0 permits unauthenticated modification of order status. The NVD description notes unauthorized data modification could lead to revenu...

CVSS 5.3 · AI score 5.5 · EPSS 0.00402
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/07/10 2:15 a.m. · 8 views

CVE-2024-5677

The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · EPSS 0.00334
Exploits 0 · References 2

Vulnrichment
added 2024/07/10 2:2 a.m. · 11 views

CVE-2024-5677 Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload

The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...

CVSS 4.3 · AI score 6.7 · EPSS 0.00334
Exploits 0 · References 2

CVE
added 2024/07/10 2:2 a.m. · 41 views

CVE-2024-5677

CVE-2024-5677 affects the Featured Image Generator plugin for WordPress. Root cause: missing capability check in fig_save_after_generate_image on all versions up to and including 1.3.1. Impact: allows authenticated attackers with Subscriber-level access and above to upload arbitrary images to a p...

CVSS 4.3 · AI score 4.9 · EPSS 0.00334
Exploits 0 · References 2

NVD
added 2024/07/09 9:15 a.m. · 18 views

CVE-2024-5992

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatechatbottoken' and 'updatechatbotposition' functions in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · EPSS 0.00536
Exploits 0 · References 4