Lucene search

5257 matches found

WPVulnDB
added 2024/06/14 12:00 a.m. | 15 views

Popup Builder < 4.3.2 - Missing Authorization in Multiple AJAX Actions

Description: The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorize...

CVSS 7.4 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 16 views

LA-Studio Element Kit for Elementor < 1.3.7.4 - Missing Authorization

Description: The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 8.8 | AI score 6.7 | EPSS 0.00356
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 17 views

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description: The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and 4.24.0.1.24.0 respectively. This makes it possible...

AI score 6.4 | EPSS 0.00525
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 11 views

Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow < 1.4.0 - Missing Authorization

Description: The Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxmediaslider and mssavesettings functions in versions up to, and including, 1.3.9. This...

CVSS 8.8 | AI score 6.4 | EPSS 0.00356
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 11 views

BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.20 - Missing Authorization

Description: The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc4bpshopprofilesyncajax function in versions up to, and including, 3.4.19. This makes it...

CVSS 8.8 | AI score 6.4 | EPSS 0.00356
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 18 views

Extra Product Options for WooCommerce < 3.0.7 - Missing Authorization

Description: The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epofwgetdatabasedoncd and epofwchangefieldbasedontype functions in versions up to, and including, 3.0.6. This makes it possible fo...

CVSS 8.8 | AI score 6.4 | EPSS 0.00323
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 14 views

Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery < 1.4.6 - Missing Authorization

Description: The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaximagegallery and igsavesettings functions in versions up to, and including, 1.4.5. This...

CVSS 8.8 | AI score 6.4 | EPSS 0.00356
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/12 12:00 a.m. | 15 views

Leyka < 3.31.2 - Missing Authorization

Description: The Leyka plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sendCardCheck function in versions up to, and including, 3.31.1. This makes it possible for unauthenticated attackers to perform a card check...

CVSS 5.3 | AI score 6.7 | EPSS 0.00381
Exploits 0 | References 1 | Affected Software 1

NVD
added 2024/06/11 6:15 a.m. | 18 views

CVE-2024-4319

The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for...

CVSS 5.3 | EPSS 0.00482
Exploits 0 | References 3

CVE
added 2024/06/11 5:33 a.m. | 48 views

CVE-2024-4319

CVE-2024-4319 affects the WordPress plugin Advanced Contact form 7 DB. The vulnerability is due to a missing capability check in the function vsz_cf7_export_to_excel, allowing unauthenticated attackers to download submitted form entries. Affected versions are up to and including 2.0.2; remediat...

CVSS 5.3 | AI score 5.5 | EPSS 0.00482
Exploits 0 | References 3

WPVulnDB
added 2024/06/11 12:00 a.m. | 12 views

Salon booking system < 10.0 - Missing Authorization

Description: The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...

CVSS 5.4 | AI score 6.4 | EPSS 0.00385
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/06/11 12:00 a.m. | 13 views

Simple COD Fees for WooCommerce <= 2.0.2 - Missing Authorization

Description: The Simple COD Fees for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8 | AI score 6.4 | EPSS 0.00351
Exploits 0 | References 1

WPVulnDB
added 2024/06/11 12:00 a.m. | 12 views

Insert Post Ads <= 1.3.2 - Missing Authorization

Description: The Insert Post Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 5.3 | AI score 6.7 | EPSS 0.00381
Exploits 0 | References 1

ATTACKERKB
added 2024/06/08 9:15 a.m. | 4 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

CVSS 6.5 | AI score 5.8 | EPSS 0.00352
Exploits 0 | References 4

NVD
added 2024/06/08 9:15 a.m. | 38 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

CVSS 6.5 | EPSS 0.00352
Exploits 0 | References 3

OSV
added 2024/06/08 9:15 a.m. | 3 views

CVE-2024-5654

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

CVSS 6.5 | AI score 5.7 | EPSS 0.00352
Exploits 0 | References 3

Vulnrichment
added 2024/06/08 8:39 a.m. | 17 views

CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update

The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...

CVSS 6.5 | AI score 6.7 | EPSS 0.00352
Exploits 0 | References 3

CVE
added 2024/06/08 8:39 a.m. | 74 views

CVE-2024-5654

CVE-2024-5654 affects the CF7 Google Sheets Connector plugin for WordPress, in all versions up to and including 5.0.9. The root cause is a missing capability check on the execute_post_data_cg7_free function, enabling unauthenticated attackers to modify site configuration settings (e.g., WP_DEBUG,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00352
Exploits 0 | References 3 | Affected Software 1

NVD
added 2024/06/08 8:15 a.m. | 15 views

CVE-2024-4468

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

CVSS 5.4 | EPSS 0.00385
Exploits 0 | References 9

Vulnrichment
added 2024/06/08 7:37 a.m. | 15 views

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 | AI score 6.4 | EPSS 0.00385
Exploits 0 | References 9