CVE-2024-5860
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5541
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...
CVE-2024-1634
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to...
CVE-2024-5860
Tickera – WordPress Event Ticketing vulnerability (CVE-2024-5860): a missing capability check on the tc_dl_delete_tickets AJAX action allows authenticated users with Subscriber-level access and above to delete all event tickets. Affects all versions up to 3.5.2.8. The provided documents confirm t...
CVE-2024-5541 Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for unauthenticated...
CVE-2024-5541
CVE-2024-5541 affects the Ibtana – WordPress Website Builder plugin for WordPress (all versions up to 1.2.3.3). Root cause: missing capability check in ibtana_visual_editor_register_ajax_json_endpont, enabling unauthenticated attackers to modify option values (including reCAPTCHA keys). Impact: p...
CVE-2024-1634
CVE-2024-1634 concerns the Scheduling Plugin – Online Booking for WordPress. A missing capability check in the function cbsb_disconnect_settings affects all versions up to 3.5.10, enabling unauthenticated attackers to disconnect the plugin from the StartBooking service and remove connection data....
PT-2024-18182 · WordPress · The Scheduling Plugin – Online Booking
Name of the Vulnerable Software and Affected Versions: The Scheduling Plugin – Online Booking for WordPress plugin versions up to, and including, 3.5.10 Description: The issue is related to a missing capability check on the cbsb_disconnect_settings function, which allows unauthenticated attackers...
PT-2024-37199 · WordPress · The Tickera
Name of the Vulnerable Software and Affected Versions: The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.2.8 Description: The issue is related to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action. This allows...
MJ Update History <= 1.0.4 - Missing Authorization
Description The MJ Update History plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an...
CVE-2024-2544
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
CVE-2024-2544 Popup Builder <= 4.3.0 - Missing Authorization in Multiple AJAX Actions
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
CVE-2024-2544
CVE-2024-2544: The Popup Builder plugin for WordPress is affected by a missing capability check on all AJAX actions, enabling authenticated users with subscriber-level access and above to perform unauthorized actions (e.g., deleting or importing subscribers) and potentially facilitate stored XSS...
CVE-2024-2472
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...
CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...
CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the make_staff function in all versions up to, and including, 1.0.21. This makes it...
CVE-2024-1094
The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...