
5257 matches found

NVD
added 2024/06/18 4:15 a.m. · 23 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · EPSS 0.0028
Exploits 0 · References 2

OSV
added 2024/06/18 4:15 a.m. · 3 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 5.8 · EPSS 0.0028
Exploits 0 · References 2

ATTACKERKB
added 2024/06/18 3:15 a.m. · 5 views

CVE-2024-5541

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 5.8 · EPSS 0.0046
Exploits 0 · References 5

NVD
added 2024/06/18 3:15 a.m. · 32 views

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · EPSS 0.00359
Exploits 0 · References 2

OSV
added 2024/06/18 3:15 a.m. · 4 views

CVE-2024-1634

The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...

CVSS 6.5 · AI score 5.8 · EPSS 0.00359
Exploits 0 · References 2

CVE
added 2024/06/18 3:13 a.m. · 54 views

CVE-2024-5860

Tickera – WordPress Event Ticketing vulnerability (CVE-2024-5860): a missing capability check on the tc_dl_delete_tickets AJAX action allows authenticated users with Subscriber-level access and above to delete all event tickets. Affects all versions up to 3.5.2.8. The provided documents confirm t...

CVSS 4.3 · AI score 4.6 · EPSS 0.0028
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/06/18 2:37 a.m. · 15 views

CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update

The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 6.8 · EPSS 0.0046
Exploits 0 · References 3

CVE
added 2024/06/18 2:37 a.m. · 55 views

CVE-2024-5541

CVE-2024-5541 affects the Ibtana – WordPress Website Builder plugin for WordPress (all versions up to 1.2.3.3). Root cause: missing capability check in ibtana_visual_editor_register_ajax_json_endpont, enabling unauthenticated attackers to modify option values (including reCAPTCHA keys). Impact: p...

CVSS 5.3 · AI score 5.8 · EPSS 0.0046
Exploits 0 · References 4 · Affected Software 1

CVE
added 2024/06/18 2:37 a.m. · 67 views

CVE-2024-1634

CVE-2024-1634 concerns the Scheduling Plugin – Online Booking for WordPress. A missing capability check in the function cbsb_disconnect_settings affects all versions up to 3.5.10, enabling unauthenticated attackers to disconnect the plugin from the StartBooking service and remove connection data....

CVSS 6.5 · AI score 6.5 · EPSS 0.00359
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/06/18 12:0 a.m. · 5 views

PT-2024-18182 · WordPress · The Scheduling Plugin – Online Booking

Name of the Vulnerable Software and Affected Versions: The Scheduling Plugin – Online Booking for WordPress plugin versions up to, and including, 3.5.10
Description: The issue is related to a missing capability check on the cbsb disconnect settings function, which allows unauthenticated attackers...

CVSS 6.5 · AI score 7 · EPSS 0.00359
Exploits 0 · References 6

Positive Technologies
added 2024/06/18 12:0 a.m. · 4 views

PT-2024-37199 · WordPress · The Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.2.8
Description: The issue is related to unauthorized loss of data due to a missing capability check on the tc dl delete tickets AJAX action. This allows...

CVSS 4.3 · AI score 6.9 · EPSS 0.0028
Exploits 0 · References 6

WPVulnDB
added 2024/06/18 12:0 a.m. · 13 views

MJ Update History <= 1.0.4 - Missing Authorization

Description: The MJ Update History plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an...

CVSS 4.3 · AI score 6.4 · EPSS 0.00372
Exploits 0 · References 1

NVD
added 2024/06/15 2:15 a.m. · 26 views

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVSS 7.4 · EPSS 0.00271
Exploits 0 · References 2

Vulnrichment
added 2024/06/15 2:1 a.m. · 20 views

CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

CVSS 7.4 · AI score 5.8 · EPSS 0.00271
Exploits 0 · References 2

CVE
added 2024/06/15 2:1 a.m. · 110 views

CVE-2024-2544

CVE-2024-2544: The Popup Builder plugin for WordPress is affected by a missing capability check on all AJAX actions, enabling authenticated users with subscriber-level access and above to perform unauthorized actions (e.g., deleting or importing subscribers) and potentially facilitate stored XSS...

CVSS 7.4 · AI score 6.5 · EPSS 0.00271
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/06/14 10:15 a.m. · 4 views

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...

CVSS 9.1 · AI score 5.8 · EPSS 0.00623
Exploits 0 · References 3

NVD
added 2024/06/14 10:15 a.m. · 26 views

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...

CVSS 9.1 · EPSS 0.00623
Exploits 0 · References 4

Cvelist
added 2024/06/14 9:36 a.m. · 34 views

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...

CVSS 9.1 · EPSS 0.00623
Exploits 0 · References 4

NVD
added 2024/06/14 5:15 a.m. · 16 views

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it...

CVSS 7.3 · EPSS 0.00542
Exploits 0 · References 2

CVE
added 2024/06/14 4:36 a.m. · 56 views

CVE-2024-1094

The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...

CVSS 7.3 · AI score 5.9 · EPSS 0.00542
Exploits 0 · References 2