
5257 matches found

NVD
added 2024/07/09 9:15 a.m. | 24 views

CVE-2024-5993

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.4 | EPSS 0.00465
Exploits 0 | References 3

NVD
added 2024/07/09 9:15 a.m. | 32 views

CVE-2024-5704

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

CVSS 4.3 | EPSS 0.00399
Exploits 0 | References 7

NVD
added 2024/07/09 9:15 a.m. | 20 views

CVE-2024-5669

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffwactivatetemplate' function in all versions up to, and including, 1.7.0. This makes it possible for...

CVSS 6.4 | EPSS 0.00372
Exploits 0 | References 3

NVD
added 2024/07/09 9:15 a.m. | 25 views

CVE-2024-5600

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the importsettings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | EPSS 0.00295
Exploits 0 | References 2

ATTACKERKB
added 2024/07/09 9:15 a.m. | 3 views

CVE-2024-5600

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the importsettings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | AI score 5.9 | EPSS 0.00295
Exploits 0 | References 3

NVD
added 2024/07/09 9:15 a.m. | 27 views

CVE-2024-3608

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the productdesignerajaxdeleteattachid function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 5.3 | EPSS 0.00562
Exploits 0 | References 3

Vulnrichment
added 2024/07/09 8:33 a.m. | 7 views

CVE-2024-6069 Pie Register - Basic <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation

The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregisterinstalladdon function in...

CVSS 8.8 | AI score 6.5 | EPSS 0.00631
Exploits 0 | References 5

CVE
added 2024/07/09 8:33 a.m. | 41 views

CVE-2024-5669

CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...

CVSS 6.4 | AI score 5.8 | EPSS 0.00372
Exploits 0 | References 3

CVE
added 2024/07/09 8:33 a.m. | 83 views

CVE-2024-4102

CVE-2024-4102 affects the Pricing Table plugin for WordPress. The root cause is a missing capability check in the ajax() function across versions up to and including 2.0.1, enabling authenticated attackers with subscriber-level access or higher to perform unauthorized actions such as editing pric...

CVSS 5.4 | AI score 5.6 | EPSS 0.00269
Exploits 0 | References 2

CVE
added 2024/07/09 8:33 a.m. | 44 views

CVE-2024-5992

CVE-2024-5992 - Cliengo for WordPress : The Cliengo – Chatbot plugin is vulnerable to unauthorized modification of data due to a missing capability check on update_chatbot_token and update_chatbot_position in all versions up to 3.0.1. This allows unauthenticated attackers to change chatbot settin...

CVSS 6.5 | AI score 5.9 | EPSS 0.00536
Exploits 0 | References 4

Cvelist
added 2024/07/09 8:33 a.m. | 36 views

CVE-2024-5648 LearnDash LMS - Reports Free <= 1.8.2.1 - Missing Authorization to Plugin Settings Update

The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. wrldsetconfiguration, wrldexcludesettingssave, applytimetrackingsettings, wpajaxwrldgutenbergblockvisit, etc.. in all versions up to, and...

CVSS 5.4 | EPSS 0.00451
Exploits 0 | References 7

Vulnrichment
added 2024/07/09 8:33 a.m. | 16 views

CVE-2024-5648 LearnDash LMS - Reports Free <= 1.8.2 - Missing Authorization to Plugin Settings Update

The LearnDash LMS – Reports plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 5.4 | AI score 6.5 | EPSS 0.00451
Exploits 0 | References 6

Cvelist
added 2024/07/09 8:33 a.m. | 20 views

CVE-2024-5856 Comment Images Reloaded <= 2.2.1 - Authenticated (Subscriber+) Arbitrary Media Deletion

The Comment Images Reloaded plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the cirdeleteimage AJAX action in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 4.3 | EPSS 0.00403
Exploits 0 | References 2

CVE
added 2024/07/09 8:33 a.m. | 50 views

CVE-2024-5600

CVE-2024-5600 concerns the WordPress plugin “SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to a missing capability check and insufficient sanitization in the import_settings() function. It affects all versions up to an...

CVSS 5.4 | AI score 5.3 | EPSS 0.00295
Exploits 0 | References 2

Cvelist
added 2024/07/09 8:33 a.m. | 20 views

CVE-2024-5600 Happy SCSS Compiler - Compile SCSS to CSS automatically <= 1.3.10 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The SCSS Happy Compiler – Compile SCSS to CSS & Automatic Enqueue plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check and insufficient sanitization on the importsettings function in all versions up to, and including, 1.3.10. This makes it possible f...

CVSS 5.4 | EPSS 0.00295
Exploits 0 | References 2

CVE
added 2024/07/09 8:33 a.m. | 50 views

CVE-2024-3608

CVE-2024-3608 affects the Product Designer plugin for WordPress. It enables unauthenticated attackers to delete arbitrary attachments due to a missing capability check in product_designer_ajax_delete_attach_id() in versions up to 1.0.33. The vulnerability status and exact impacted versions are do...

CVSS 5.3 | AI score 6 | EPSS 0.00562
Exploits 0 | References 3

CVE
added 2024/07/09 8:33 a.m. | 43 views

CVE-2024-5704

CVE-2024-5704 affects the XPlainer – Product FAQs for WooCommerce (WordPress); all versions up to 1.6.4 are vulnerable due to missing capability checks on several admin functions. This allows authenticated attackers with Subscriber-level access and above to add, update, and modify FAQs, FAQ lists...

CVSS 4.3 | AI score 5.9 | EPSS 0.00399
Exploits 0 | References 7

Cvelist
added 2024/07/09 8:33 a.m. | 21 views

CVE-2024-6167 Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | EPSS 0.00297
Exploits 0 | References 2

CVE
added 2024/07/09 8:33 a.m. | 48 views

CVE-2024-6167

The CVE-2024-6167 issue in the Just Custom Fields WordPress plugin is a missing capability check in several admin AJAX functions, enabling authenticated users with Subscriber-level access (and above) to invoke admin‑only functionality such as managing field groups and item visibility. Affected ve...

CVSS 4.3 | AI score 4.7 | EPSS 0.00297
Exploits 0 | References 2

CVE
added 2024/07/09 8:33 a.m. | 43 views

CVE-2024-5993

CVE-2024-5993 (Cliengo – Chatbot plugin for WordPress) affects all versions up to 3.0.1. Red Hat’s entry indicates the root cause is a missing capability check in the update_session function, enabling authenticated users with Subscriber-level access and above to modify the chatbot session token. ...

CVSS 5.4 | AI score 5.9 | EPSS 0.00465
Exploits 0 | References 3