CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468
CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...
CVE-2024-4661
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...
CVE-2024-5087
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...
CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...
CVE-2024-5087
CVE-2024-5087 affects the Minimal Coming Soon – Coming Soon Page WordPress plugin. The vulnerability is caused by missing capability checks in AJAX handlers (validate_ajax, deactivate_ajax, save_ajax) on all versions up to 2.38, enabling authenticated users with Subscriber-level access and above ...
CVE-2024-4661
CVE-2024-4661 (WP Reset) – WordPress Plugin. Vulnerability due to missing capability check in the save_ajax function across versions up to 2.02, enabling authenticated users with subscriber-level access and above to modify the value of the “License Key” field under the Activate Pro License setti...
CVE-2024-5770
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...
CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...
CVE-2024-5770
CVE-2024-5770 concerns the WP Force SSL & HTTPS SSL Redirect WordPress plugin. According to the connected Red Hat advisory, versions up to and including 1.66 are affected by a missing capability check in the ajax_save_setting function, enabling authenticated users with subscriber-level permission...
PT-2024-36843 · WordPress · Cf7 Google Sheets Connector
Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9 Description: The issue is related to a missing capability check on the execute post data cg7 free function, allowing unauthenticated attackers to modify dat...
CVE-2024-5637
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path...
CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path...
CVE-2023-6491
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and...
CVE-2024-5607
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting
The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...
CVE-2024-5607
The CVE-2024-5607 entry concerns the GDPR CCPA Compliance & Cookie Consent Banner WordPress plugin. It states a missing capability check on multiple ajaxUpdateSettings() functions in all versions up to and including 2.7.0, allowing authenticated attackers with Subscriber-level access and higher t...