CVE-2024-4788
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...
CVE-2023-6966
The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...
CVE-2023-6966 The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions
The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...
CVE-2023-6966
The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...
CVE-2024-4788
Technical details such as affected software versions, root cause, exploitability, and fixes are not provided in the supplied documents. Monitor official advisories and CVE updates for concrete, technical information.
CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WooCommerce Tools < 1.2.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation
Description: The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with...
PT-2024-18225 · WordPress · Woocommerce Tools
Name of the Vulnerable Software and Affected Versions: WooCommerce Tools plugin for WordPress versions up to, and including, 1.2.9
Description: The issue is related to a missing capability check on the woocommerce tool toggle module function, allowing authenticated attackers with subscriber-level...
PT-2024-15112 · Nayra Themes · The Clever Fox – One Click Website Importer
Name of the Vulnerable Software and Affected Versions: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress versions up to, and including, 25.2.0
Description: The issue is related to a missing capability check on the clever-fox-activate-theme function, allowing...
PT-2024-14969 · WordPress · Strong Testimonials
Name of the Vulnerable Software and Affected Versions: Strong Testimonials plugin for WordPress versions up to, and including, 3.1.12
Description: The issue arises from an improper capability check on the wpmtst save view sticky function, allowing authenticated attackers with contributor access a...
CVE-2024-5459
The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...
CVE-2024-5459
CVE-2024-5459 affects the Restaurant Menu and Food Ordering plugin for WordPress. All versions up to 2.4.16 are vulnerable due to missing capability checks on add_section, add_menu, add_menu_item, and add_menu_page, enabling authenticated users with Subscriber-level access and above to create men...
CVE-2024-5459 Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation
The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'add_section', 'add_menu', 'add_menu_item', and 'add_menu_page' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...
CVE-2024-5453
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...
Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation
Description: The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, wit...
Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update
Description: The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with...
The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions
Description: The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible...