Lucene search

5257 matches found

Cvelist
added 2024/06/08 7:37 a.m. · 19 views

CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 · EPSS 0.00385
Exploits 0 · References 9
CVE
added 2024/06/08 7:37 a.m. · 55 views

CVE-2024-4468

CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...

CVSS 5.4 · AI score 4.7 · EPSS 0.00385
Exploits 0 · References 9 · Affected Software 1
NVD
added 2024/06/08 6:15 a.m. · 21 views

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

CVSS 4.3 · EPSS 0.0028
Exploits 0 · References 2
OSV
added 2024/06/08 6:15 a.m. · 3 views

CVE-2024-4661

The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...

CVSS 4.3 · AI score 5.8 · EPSS 0.0028
Exploits 0 · References 2
NVD
added 2024/06/08 6:15 a.m. · 26 views

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

CVSS 6.3 · EPSS 0.00436
Exploits 0 · References 9
Cvelist
added 2024/06/08 5:44 a.m. · 29 views

CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

CVSS 6.3 · EPSS 0.00436
Exploits 0 · References 9
CVE
added 2024/06/08 5:44 a.m. · 57 views

CVE-2024-5087

CVE-2024-5087 affects the Minimal Coming Soon – Coming Soon Page WordPress plugin. The vulnerability is caused by missing capability checks in AJAX handlers (validate_ajax, deactivate_ajax, save_ajax) on all versions up to 2.38, enabling authenticated users with Subscriber-level access and above ...

CVSS 6.3 · AI score 5.9 · EPSS 0.00436
Exploits 0 · References 9 · Affected Software 1
CVE
added 2024/06/08 5:44 a.m. · 63 views

CVE-2024-4661

CVE-2024-4661 (WP Reset) – WordPress Plugin. Vulnerability due to missing capability check in the save_ajax function across versions up to 2.02, enabling authenticated users with subscriber-level access and above to modify the value of the “License Key” field under the Activate Pro License setti...

CVSS 4.3 · AI score 4.6 · EPSS 0.0028
Exploits 0 · References 2 · Affected Software 1
NVD
added 2024/06/08 5:15 a.m. · 19 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

CVSS 4.3 · EPSS 0.00347
Exploits 0 · References 4
OSV
added 2024/06/08 5:15 a.m. · 6 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

CVSS 4.3 · AI score 5.8 · EPSS 0.00347
Exploits 0 · References 4
Vulnrichment
added 2024/06/08 4:32 a.m. · 14 views

CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

CVSS 4.2 · AI score 6.5 · EPSS 0.00347
Exploits 0 · References 4
CVE
added 2024/06/08 4:32 a.m. · 52 views

CVE-2024-5770

CVE-2024-5770 concerns the WP Force SSL & HTTPS SSL Redirect WordPress plugin. According to the connected Red Hat advisory, versions up to and including 1.66 are affected by a missing capability check in the ajax_save_setting function, enabling authenticated users with subscriber-level permission...

CVSS 4.3 · AI score 4.4 · EPSS 0.00347
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/06/08 12:0 a.m. · 7 views

PT-2024-36843 · WordPress · Cf7 Google Sheets Connector

Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector plugin for WordPress versions up to, and including, 5.0.9
Description: The issue is related to a missing capability check on the execute post data cg7 free function, allowing unauthenticated attackers to modify dat...

CVSS 6.5 · AI score 6.7 · EPSS 0.00352
Exploits 0 · References 12
NVD
added 2024/06/07 11:15 a.m. · 15 views

CVE-2024-5637

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path...

CVSS 8.1 · EPSS 0.0081
Exploits 0 · References 3
Vulnrichment
added 2024/06/07 11:2 a.m. · 14 views

CVE-2024-5637 Market Exporter <= 2.0.19 - Missing Authorization to Arbitrary File Deletion

The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path...

CVSS 7.5 · AI score 6.7 · EPSS 0.0081
Exploits 0 · References 3
OSV
added 2024/06/07 6:15 a.m. · 10 views

CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and...

CVSS 4.3 · AI score 6.3 · EPSS 0.00282
Exploits 0 · References 2
NVD
added 2024/06/07 6:15 a.m. · 24 views

CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and...

CVSS 4.3 · EPSS 0.00282
Exploits 0 · References 2
NVD
added 2024/06/07 3:15 a.m. · 23 views

CVE-2024-5607

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

CVSS 5.4 · EPSS 0.00276
Exploits 0 · References 2
Cvelist
added 2024/06/07 2:39 a.m. · 21 views

CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

CVSS 5.4 · EPSS 0.00276
Exploits 0 · References 2
CVE
added 2024/06/07 2:39 a.m. · 52 views

CVE-2024-5607

The CVE-2024-5607 entry concerns the GDPR CCPA Compliance & Cookie Consent Banner WordPress plugin. It states a missing capability check on multiple ajaxUpdateSettings() functions in all versions up to and including 2.7.0, allowing authenticated attackers with Subscriber-level access and higher t...

CVSS 5.4 · AI score 5.6 · EPSS 0.00276
Exploits 0 · References 2 · Affected Software 1