5257 matches found
CVE-2024-5545
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...
CVE-2024-5545
CVE-2024-5545 affects the Motors – Car Dealer, Classifieds & Listing WordPress plugin. A missing capability check in stm_edit_delete_user_car allows unauthenticated attackers to unpublish arbitrary posts and pages in all versions up to 1.4.8. Root cause: insufficient authorization check in data-m...
CVE-2024-5545 Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...
WordPress plugin LearnPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37378 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.8.1 Description: The issue allows unauthorized user registration due to a missing capability check on the register function. This enables unauthenticated attackers to bypa...
CVE-2024-5864
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-5864
CVE-2024-5864 concerns the Easy Affiliate Links WordPress plugin. The vulnerability arises from a missing capability check on the eafl_reset_settings AJAX action, allowing authenticated users with Subscriber-level access and above to modify the plugin’s settings in versions up to and including 3....
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2024-3249
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This...
CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification
The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including, 1.6.2. This...
CVE-2024-3249
CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...
CVE-2024-6120
CVE-2024-6120 affects the WordPress plugin Sparkle Demo Importer. Public details in connected docs confirm: all versions up to 1.4.7 are vulnerable due to a missing capability check in multiple functions, enabling authenticated attackers with Subscriber-level access (and above) to perform a destr...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-1639
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey and showAllLicenseKeys functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admi...
CVE-2024-1955
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warningnoticessettings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor acces...
CVE-2024-3610
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctgeasychildtheme function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme...
CVE-2024-1639
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey and showAllLicenseKeys functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated attackers, with admi...