
5257 matches found

Cvelist
added 2024/07/09 8:33 a.m. · 20 views

CVE-2024-5993 Cliengo - Chatbot <= 3.0.2 - Missing Authorization to Authorized (Subscriber+) Chatbot Settings Update

The Cliengo – Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesession' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVSS 5.4 · EPSS 0.00465
Exploits 0 · References 2

CVE
added 2024/07/09 7:38 a.m. · 45 views

CVE-2024-6180

CVE-2024-6180 — EventON WordPress plugin is vulnerable due to a missing capability check on the ajax action eventon_import_settings, affecting all versions up to 2.2.15. This allows unauthenticated attackers to modify plugin settings, including injecting stored XSS into settings displayed on the ...

CVSS 7.2 · AI score 6.8 · EPSS 0.00457
Exploits 0 · References 4

Cvelist
added 2024/07/09 7:38 a.m. · 24 views

CVE-2024-6180 EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates

The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticated attackers to update plugin settings, including...

CVSS 7.2 · EPSS 0.00457
Exploits 0 · References 2

NVD
added 2024/07/09 2:15 a.m. · 13 views

CVE-2024-5855

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for...

CVSS 4.3 · EPSS 0.0038
Exploits 0 · References 2

Vulnrichment
added 2024/07/09 2:3 a.m. · 11 views

CVE-2024-5855 Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

The Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the bulk_action_delete and delete_single_image_call AJAX actions in all versions up to, and including, 3.0.1. This makes it possible for...

CVSS 4.3 · AI score 6.6 · EPSS 0.0038
Exploits 0 · References 2

CVE
added 2024/07/09 2:3 a.m. · 60 views

CVE-2024-5855

CVE-2024-5855 affects the WordPress plugin Media Hygiene: Remove or Delete Unused Images and More! It allows authenticated users with Subscriber+ privileges to delete arbitrary attachments due to a missing capability check on bulk_action_delete and delete_single_image_call. A nonce check was adde...

CVSS 4.3 · AI score 4.8 · EPSS 0.0038
Exploits 0 · References 2

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-29203 · WordPress · Pricing Table

Name of the Vulnerable Software and Affected Versions: Pricing Table plugin for WordPress versions up to, and including, 2.0.1 Description: The issue arises from a missing capability check on the ajax function, allowing authenticated attackers with subscriber-level access and above to perform...

CVSS 5.4 · AI score 6.7 · EPSS 0.00269
Exploits 0 · References 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 5 views

PT-2024-37298 · WordPress · Cliengo – Chatbot

Name of the Vulnerable Software and Affected Versions: The Cliengo – Chatbot plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to a missing capability check on the update session function, allowing authenticated attackers with Subscriber-level access and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00465
Exploits 0 · References 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 7 views

PT-2024-36999 · Woocommerce · Xplainer - Woocommerce Product Faq

Name of the Vulnerable Software and Affected Versions: The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin versions up to, and including, 1.6.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper...

CVSS 6.4 · AI score 6.2 · EPSS 0.00372
Exploits 0 · References 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-37427 · WordPress · Just Custom Fields

Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functionality intended for admin users due to a missing...

CVSS 4.3 · AI score 6.8 · EPSS 0.00297
Exploits 0 · References 6

Positive Technologies
added 2024/07/09 12:0 a.m. · 6 views

PT-2024-26888 · WordPress · Product Designer

Name of the Vulnerable Software and Affected Versions: Product Designer plugin for WordPress versions up to, and including, 1.0.33 Description: The issue is related to a missing capability check on the product designer ajax delete attach id function, which allows unauthorized loss of data. This...

CVSS 5.3 · AI score 7 · EPSS 0.00562
Exploits 0 · References 5

Positive Technologies
added 2024/07/08 12:0 a.m. · 5 views

PT-2024-37194 · WordPress · Media Hygiene

Name of the Vulnerable Software and Affected Versions: Media Hygiene: Remove or Delete Unused Images and More! plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to a missing capability check on the bulk action delete and delete single image call AJAX...

CVSS 4.3 · AI score 6.8 · EPSS 0.0038
Exploits 0 · References 7

ATTACKERKB
added 2024/07/04 8:15 a.m. · 3 views

CVE-2024-5641

The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 · AI score 5.6 · EPSS 0.00301
Exploits 0 · References 4

NVD
added 2024/07/04 8:15 a.m. · 21 views

CVE-2024-5641

The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 · EPSS 0.00301
Exploits 0 · References 3

Vulnrichment
added 2024/07/04 7:32 a.m. · 15 views

CVE-2024-5641 One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 · AI score 6.1 · EPSS 0.00301
Exploits 0 · References 3

CVE
added 2024/07/04 7:32 a.m. · 46 views

CVE-2024-5641

CVE-2024-5641 affects the One Click Order Re-Order plugin for WordPress (all versions up to 1.1.9). The issue is unauthorized modification of data due to a missing capability check in the ced_ocor_save_general_setting function, enabling authenticated users with Subscriber level access and above t...

CVSS 6.4 · AI score 5.7 · EPSS 0.00301
Exploits 0 · References 3 · Affected Software 1

NVD
added 2024/07/02 11:15 a.m. · 32 views

CVE-2024-6088

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

CVSS 5.3 · EPSS 0.0062
Exploits 0 · References 4

Cvelist
added 2024/07/02 11:1 a.m. · 36 views

CVE-2024-6088 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user...

CVSS 5.3 · EPSS 0.0062
Exploits 0 · References 4

Cvelist
added 2024/07/02 9:32 a.m. · 21 views

CVE-2024-6012 Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation

The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, wit...

CVSS 4.3 · EPSS 0.00385
Exploits 0 · References 3

CVE
added 2024/07/02 9:32 a.m. · 57 views

CVE-2024-6012

CVE-2024-6012 affects the Cost Calculator Builder plugin for WordPress. The vulnerability arises from a missing capability check in embed-create-page and embed-insert-pages, affecting all versions up to and including 3.2.12. This permits authenticated attackers with Subscriber-level access or hig...

CVSS 4.3 · AI score 4.8 · EPSS 0.00385
Exploits 0 · References 3 · Affected Software 1