5257 matches found

ATTACKERKB
added 2024/07/02 8:15 a.m. · 5 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 6 · EPSS 0.0033
Exploits 0 · References 3
OSV
added 2024/07/02 8:15 a.m. · 4 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.9 · EPSS 0.0033
Exploits 0 · References 2
NVD
added 2024/07/02 8:15 a.m. · 28 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · EPSS 0.0033
Exploits 0 · References 2
CVE
added 2024/07/02 7:37 a.m. · 58 views

CVE-2024-5545

CVE-2024-5545 affects the Motors – Car Dealer, Classifieds & Listing WordPress plugin. A missing capability check in stm_edit_delete_user_car allows unauthenticated attackers to unpublish arbitrary posts and pages in all versions up to 1.4.8. Root cause: insufficient authorization check in data-m...

CVSS 5.3 · AI score 5.6 · EPSS 0.0033
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/07/02 7:37 a.m. · 14 views

CVE-2024-5545 Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 6.9 · EPSS 0.0033
Exploits 0 · References 2
CNNVD
added 2024/07/02 12:0 a.m. · 15 views

WordPress plugin LearnPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 6.4 · EPSS 0.0062
Exploits 0 · References 5
Positive Technologies
added 2024/07/02 12:0 a.m. · 7 views

PT-2024-37378 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.8.1 Description: The issue allows unauthorized user registration due to a missing capability check on the register function. This enables unauthenticated attackers to bypa...

CVSS 5.3 · AI score 7.3 · EPSS 0.0062
Exploits 0 · References 6
NVD
added 2024/06/28 4:15 a.m. · 17 views

CVE-2024-5864

The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eaflresetsettings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · EPSS 0.00395
Exploits 0 · References 2
CVE
added 2024/06/28 3:29 a.m. · 65 views

CVE-2024-5864

CVE-2024-5864 concerns the Easy Affiliate Links WordPress plugin. The vulnerability arises from a missing capability check on the eafl_reset_settings AJAX action, allowing authenticated users with Subscriber-level access and above to modify the plugin’s settings in versions up to and including 3....

CVSS 4.3 · AI score 4.7 · EPSS 0.00395
Exploits 0 · References 2
RedHat Linux
added 2024/06/25 1:51 p.m. · 9 views

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows unauthorized execution of management commands by an attacker, compromising the confidentiality, integrity, and availability of Bluetooth...

CVSS 6.8 · AI score 7 · EPSS 0.0147
Exploits 2 · References 5
NVD
added 2024/06/25 7:15 a.m. · 28 views

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importxmldata, xmldataimport, importoptiondata, importwidgets, and importcustomizersettings functions in all versions up to, and including, 1.6.2. This...

CVSS 4.3 · EPSS 0.00343
Exploits 0 · References 3
Cvelist
added 2024/06/25 6:57 a.m. · 32 views

CVE-2024-3249 Zita Elementor Site Library <= 1.6.2 - Missing Authorization to Page Creation and Options Modification

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importxmldata, xmldataimport, importoptiondata, importwidgets, and importcustomizersettings functions in all versions up to, and including, 1.6.2. This...

CVSS 4.3 · EPSS 0.00343
Exploits 0 · References 3
CVE
added 2024/06/25 6:57 a.m. · 46 views

CVE-2024-3249

CVE-2024-3249: The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized data modification due to missing capability checks on import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings in all versions up to 1.6.2. Authenticated a...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits 0 · References 3
CVE
added 2024/06/21 11:33 p.m. · 61 views

CVE-2024-6120

CVE-2024-6120 affects the WordPress plugin Sparkle Demo Importer. Public details in connected docs confirm: all versions up to 1.4.7 are vulnerable due to a missing capability check in multiple functions, enabling authenticated attackers with Subscriber-level access (and above) to perform a destr...

CVSS 6.5 · AI score 6.5 · EPSS 0.00503
Exploits 0 · References 9 · Affected Software 1
NVD
added 2024/06/21 4:15 a.m. · 22 views

CVE-2024-3961

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...

CVSS 5.3 · EPSS 0.00371
Exploits 0 · References 2
OSV
added 2024/06/21 2:15 a.m. · 4 views

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey and showAllLicenseKeys functions in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with admi...

CVSS 6.5 · AI score 5.9 · EPSS 0.00394
Exploits 0 · References 2
NVD
added 2024/06/21 2:15 a.m. · 18 views

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warningnoticessettings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor acces...

CVSS 4.3 · EPSS 0.00343
Exploits 0 · References 3
NVD
added 2024/06/21 2:15 a.m. · 17 views

CVE-2024-3610

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctgeasychildtheme function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme...

CVSS 5.3 · EPSS 0.0053
Exploits 0 · References 3
NVD
added 2024/06/21 2:15 a.m. · 22 views

CVE-2024-1639

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey and showAllLicenseKeys functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated attackers, with admi...

CVSS 6.5 · EPSS 0.00394
Exploits 0 · References 3
OSV
added 2024/06/21 2:15 a.m. · 3 views

CVE-2024-1955

The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warningnoticessettings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor acces...

CVSS 4.3 · AI score 5.8 · EPSS 0.00343
Exploits 0 · References 3