
5257 matches found

NVD
added 2024/06/21 2:15 a.m. · 26 views

CVE-2023-3352

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...

CVSS 4.3 · EPSS 0.00311
Exploits: 0 · References: 2
CVE
added 2024/06/21 2:5 a.m. · 66 views

CVE-2024-1955

CVE-2024-1955 affects the WordPress plugin Hide Dashboard Notifications (up to v1.3). Root cause: missing capability check in the warning_notices_settings function, enabling authenticated attackers with contributor+ rights to modify the plugin’s settings. Impact: unauthorized modification of data...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/06/21 2:5 a.m. · 16 views

CVE-2023-3352 Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion

The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the deleteresmushlist function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to delete the resmush list for Nextgen ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00311
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/21 2:5 a.m. · 24 views

CVE-2024-3610 WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation

The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctgeasychildtheme function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme...

CVSS 5.3 · AI score 6.6 · EPSS 0.0053
Exploits: 0 · References: 3
CVE
added 2024/06/21 2:5 a.m. · 63 views

CVE-2024-1639

CVE-2024-1639 affects License Manager for WooCommerce (WordPress). All versions up to 3.0.7 allow an authenticated admin (contributors, per WooCommerce) to view arbitrary decrypted license keys due to missing capability checks in showLicenseKey() and showAllLicenseKeys(). A referrer nonce check e...

CVSS 6.5 · AI score 6 · EPSS 0.00394
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2024/06/21 2:5 a.m. · 54 views

CVE-2024-3610

CVE-2024-3610 affects the WP Child Theme Generator plugin for WordPress. The underlying issue is a missing capability check in wctg_easy_child_theme(), allowing unauthenticated attackers to create a blank child theme and activate it, potentially whitescreening the site. Affected versions are all ...

CVSS 5.3 · AI score 5.5 · EPSS 0.0053
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2024/06/20 2:15 a.m. · 25 views

CVE-2024-3627

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...

CVSS 5.4 · EPSS 0.00388
Exploits: 0 · References: 3
NVD
added 2024/06/20 2:15 a.m. · 28 views

CVE-2024-3602

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...

CVSS 4.3 · EPSS 0.00345
Exploits: 0 · References: 3
OSV
added 2024/06/20 2:15 a.m. · 5 views

CVE-2024-3602

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...

CVSS 4.3 · AI score 5.8 · EPSS 0.00345
Exploits: 0 · References: 2
CVE
added 2024/06/20 2:8 a.m. · 53 views

CVE-2024-3627

CVE-2024-3627 affects Wheel of Life: Coaching and Assessment Tool for Life Coach (WordPress). The WordPress plugin versions up to 1.1.7 are vulnerable due to missing authorization checks in AjaxFunctions.php, allowing authenticated attackers with subscriber-level access or higher to delete arbitr...

CVSS 5.4 · AI score 5.7 · EPSS 0.00388
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/06/20 2:8 a.m. · 20 views

CVE-2024-3627 Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible...

CVSS 5.4 · AI score 6.7 · EPSS 0.00388
Exploits: 0 · References: 3
Positive Technologies
added 2024/06/20 12:0 a.m. · 5 views

PT-2024-26942 · WordPress · The Wheel Of Life: Coaching/Assessment Tool For Life Coach

Name of the Vulnerable Software and Affected Versions: The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress versions up to, and including, 1.1.7
Description: The issue is related to a missing capability check on several functions in the AjaxFunctions.php file. This...

CVSS 5.4 · AI score 7 · EPSS 0.00388
Exploits: 0 · References: 6
Positive Technologies
added 2024/06/20 12:0 a.m. · 9 views

PT-2024-26848 · WordPress · Promolayer

Name of the Vulnerable Software and Affected Versions: Promolayer plugin for WordPress versions up to, and including, 1.1.0
Description: The Promolayer plugin for WordPress is affected by an issue that allows unauthorized updates to plugin settings. This is due to a missing capability check on th...

CVSS 4.3 · AI score 6.7 · EPSS 0.00345
Exploits: 0 · References: 6
Positive Technologies
added 2024/06/20 12:0 a.m. · 4 views

PT-2024-26891 · WordPress · Wp Child Theme Generator

Name of the Vulnerable Software and Affected Versions: WP Child Theme Generator plugin for WordPress versions up to, and including, 1.1.1
Description: The issue is related to a missing capability check on the wctg easy child theme function, allowing unauthorized modification of data. This enables...

CVSS 5.3 · AI score 7.2 · EPSS 0.0053
Exploits: 0 · References: 8
NVD
added 2024/06/19 4:15 a.m. · 17 views

CVE-2024-5768

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 · EPSS 0.00239
Exploits: 0 · References: 2
NVD
added 2024/06/19 4:15 a.m. · 22 views

CVE-2024-4450

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with...

CVSS 6.3 · EPSS 0.00334
Exploits: 0 · References: 3
Cvelist
added 2024/06/19 3:12 a.m. · 24 views

CVE-2024-5768 MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting

The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimoupdateprovider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 6.4 · EPSS 0.00239
Exploits: 0 · References: 2
CVE
added 2024/06/19 3:12 a.m. · 52 views

CVE-2024-5768

CVE-2024-5768 affects MIMO Woocommerce Order Tracking (WordPress). The vulnerability is due to a missing capability check in mimo_update_provider, affecting all versions up to and including 1.0.2. Exploitation requires Subscriber+ authenticated access and can enable unauthorized modification of s...

CVSS 6.4 · AI score 6.2 · EPSS 0.00239
Exploits: 0 · References: 2
CVE
added 2024/06/19 3:12 a.m. · 56 views

CVE-2024-4450

CVE-2024-4450 affects AliExpress Dropshipping with AliNext Lite for WordPress. The issue is a missing capability check in several functions of ImportAjaxController.php, affecting all versions up to 3.3.5. This allows authenticated attackers with subscriber-level access and above to perform action...

CVSS 6.3 · AI score 5.8 · EPSS 0.00334
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/06/19 12:0 a.m. · 7 views

PT-2024-31164 · WordPress · Aliexpress Dropshipping With Alinext Lite

Name of the Vulnerable Software and Affected Versions: AliExpress Dropshipping with AliNext Lite plugin for WordPress versions up to, and including, 3.3.5
Description: The issue is related to a missing capability check on several functions in the ImportAjaxController.php file. This allows...

CVSS 6.3 · AI score 6.9 · EPSS 0.00334
Exploits: 0 · References: 6