
5256 matches found

NVD
added 2024/06/07 2:15 a.m. · 31 views

CVE-2023-6876

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...

CVSS 5.4 · EPSS 0.00385
Exploits 0 · References 3

OSV
added 2024/06/07 2:15 a.m. · 6 views

CVE-2023-6876

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 3

CVE
added 2024/06/07 2:2 a.m. · 58 views

CVE-2023-6876

CVE-2023-6876 (Clever Fox – One Click Website Importer) is an authenticated-actor vulnerability in the Clever Fox WordPress plugin where a missing capability check on clever-fox-activate-theme allows users with subscriber+ privileges to modify the active theme (incl. to an invalid value) in versi...

CVSS 5.4 · AI score 5.4 · EPSS 0.00385
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2024/06/07 2:2 a.m. · 31 views

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3 · AI score 6.6 · EPSS 0.00335
Exploits 0 · References 3

WPVulnDB
added 2024/06/07 12:0 a.m. · 11 views

Minimal Coming Soon – Coming Soon Page < 2.39 - Missing Authorization to Limited Settings Change

Description: The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for...

CVSS 6.3 · AI score 6.4 · EPSS 0.00436
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/06/07 12:0 a.m. · 5 views

PT-2024-37136 · WordPress · Wp Force Ssl & Https Ssl Redirect

Name of the Vulnerable Software and Affected Versions: WP Force SSL & HTTPS SSL Redirect plugin for WordPress versions up to, and including, 1.66
Description: The issue is related to unauthorized modification of data due to a missing capability check on the ajax save setting function. This allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.00347
Exploits 0 · References 11

WPVulnDB
added 2024/06/07 12:0 a.m. · 15 views

WP Reset < 2.03 - Missing Authorization to License Key Modification

Description: The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS 4.3 · AI score 6.4 · EPSS 0.0028
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/06/06 12:15 p.m. · 31 views

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 4.3 · EPSS 0.00453
Exploits 0 · References 3

OSV
added 2024/06/06 12:15 p.m. · 3 views

CVE-2024-5489

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS 4.3 · AI score 5.8 · EPSS 0.00453
Exploits 0 · References 3

CVE
added 2024/06/06 11:33 a.m. · 53 views

CVE-2024-5489

The CVE-2024-5489 entry concerns Wbcom Designs – Custom Font Uploader for WordPress. A missing capability check in the cfu_delete_customfont function affects all versions up to 2.3.4, enabling authenticated users with Subscriber-level access and above to delete any custom font, i.e., unauthorize...

CVSS 4.3 · AI score 4.6 · EPSS 0.00453
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/06/06 8:15 a.m. · 6 views

CVE-2024-5665

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · AI score 5.9 · EPSS 0.00362
Exploits 0 · References 3

Cvelist
added 2024/06/06 7:37 a.m. · 34 views

CVE-2024-5665 Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure

The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘exportsettings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3 · AI score 4.4 · EPSS 0.00362
Exploits 0 · References 3

OSV
added 2024/06/06 4:15 a.m. · 3 views

CVE-2024-5449

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVSS 4.3 · AI score 5.8 · EPSS 0.00346
Exploits 0 · References 3

OSV
added 2024/06/06 4:15 a.m. · 4 views

CVE-2024-1175

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 · AI score 5.9 · EPSS 0.00393
Exploits 0 · References 2

Cvelist
added 2024/06/06 3:53 a.m. · 33 views

CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 · AI score 5.2 · EPSS 0.00393
Exploits 0 · References 3

CVE
added 2024/06/06 3:53 a.m. · 62 views

CVE-2024-1175

CVE-2024-1175 affects WP-Recall – Registration, Profile, Commerce & More for WordPress. Red Hat advisory RH:CVE-2024-1175 confirms an unauthenticated data loss vulnerability caused by a missing capability check in the delete_payment function, exploitable on all versions up to 16.26.6. The vulnera...

CVSS 5.3 · AI score 5.6 · EPSS 0.00393
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/06/06 3:32 a.m. · 24 views

CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVSS 4.3 · AI score 4.3 · EPSS 0.00346
Exploits 0 · References 3

OSV
added 2024/06/06 3:15 a.m. · 5 views

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 5.8 · EPSS 0.00317
Exploits 0 · References 5

Vulnrichment
added 2024/06/06 2:38 a.m. · 10 views

CVE-2024-2017 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 6.5 · EPSS 0.00317
Exploits 0 · References 5

NVD
added 2024/06/06 2:15 a.m. · 21 views

CVE-2024-5324

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8 · AI score 8.4 · EPSS 0.01507
Exploits 0 · References 7