5256 matches found

OSV
added 2024/06/06 2:15 a.m., 2 views

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00343
Exploits: 0, References: 2

NVD
added 2024/06/06 2:15 a.m., 21 views

CVE-2023-6966

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00394
Exploits: 0, References: 3

Cvelist
added 2024/06/06 2:2 a.m., 28 views

CVE-2023-6966 The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00394
Exploits: 0, References: 3

CVE
added 2024/06/06 2:2 a.m., 61 views

CVE-2023-6966

The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00394
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2024/06/06 2:2 a.m., 30 views

CVE-2024-4788

Technical details such as affected software versions, root cause, exploitability, and fixes are not provided in the supplied documents. Monitor official advisories and CVE updates for concrete, technical information.

CVSS: 4.3, AI score: 6, EPSS: 0.00343
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2024/06/06 2:2 a.m., 106 views

CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01507
Exploits: 0, References: 7

Vulnrichment
added 2024/06/06 2:2 a.m., 14 views

CVE-2024-5324 XootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options Update

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS: 8.8, AI score: 6, EPSS: 0.01507
Exploits: 0, References: 7

WPVulnDB
added 2024/06/06 12:0 a.m., 13 views

WooCommerce Tools < 1.2.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

Description: The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00335
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2024/06/06 12:0 a.m., 5 views

PT-2024-18225 · WordPress · Woocommerce Tools

Name of the Vulnerable Software and Affected Versions: WooCommerce Tools plugin for WordPress versions up to, and including, 1.2.9
Description: The issue is related to a missing capability check on the woocommerce tool toggle module function, allowing authenticated attackers with subscriber-level...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00335
Exploits: 0, References: 8

Positive Technologies
added 2024/06/06 12:0 a.m., 5 views

PT-2024-15112 · Nayra Themes · The Clever Fox – One Click Website Importer

Name of the Vulnerable Software and Affected Versions: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress versions up to, and including, 25.2.0
Description: The issue is related to a missing capability check on the clever-fox-activate-theme function, allowing...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00385
Exploits: 0, References: 9

Positive Technologies
added 2024/06/06 12:0 a.m., 5 views

PT-2024-14969 · WordPress · Strong Testimonials

Name of the Vulnerable Software and Affected Versions: Strong Testimonials plugin for WordPress versions up to, and including, 3.1.12
Description: The issue arises from an improper capability check on the wpmtst save view sticky function, allowing authenticated attackers with contributor access a...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00282
Exploits: 0, References: 8

NVD
added 2024/06/05 1:15 p.m., 22 views

CVE-2024-5459

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

CVSS: 4.3, AI score: 4.3, EPSS: 0.00368
Exploits: 0, References: 6

CVE
added 2024/06/05 12:45 p.m., 56 views

CVE-2024-5459

CVE-2024-5459 affects the Restaurant Menu and Food Ordering plugin for WordPress. All versions up to 2.4.16 are vulnerable due to missing capability checks on add_section, add_menu, add_menu_item, and add_menu_page, enabling authenticated users with Subscriber-level access and above to create men...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00368
Exploits: 0, References: 6, Affected Software: 1

Vulnrichment
added 2024/06/05 12:45 p.m., 17 views

CVE-2024-5459 Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation

The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for authenticated...

CVSS: 4.3, AI score: 6.5, EPSS: 0.00368
Exploits: 0, References: 6

NVD
added 2024/06/05 8:15 a.m., 16 views

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

CVSS: 4.3, AI score: 4.4, EPSS: 0.00351
Exploits: 0, References: 4

Cvelist
added 2024/06/05 7:34 a.m., 20 views

CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

CVSS: 4.3, AI score: 4.4, EPSS: 0.00351
Exploits: 0, References: 4

Vulnrichment
added 2024/06/05 6:50 a.m., 11 views

CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...

CVSS: 4.3, AI score: 6.6, EPSS: 0.0028
Exploits: 0, References: 2

WPVulnDB
added 2024/06/05 12:0 a.m., 11 views

Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation

Description: The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, wit...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00343
Exploits: 0, References: 1

WPVulnDB
added 2024/06/05 12:0 a.m., 18 views

Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update

Description: The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with...

CVSS: 8.8, AI score: 6.5, EPSS: 0.01507
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/06/05 12:0 a.m., 12 views

The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions

Description: The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.5.20. This makes it possible...

CVSS: 8.1, AI score: 6.4, EPSS: 0.00394
Exploits: 0, References: 1