Lucene search

5256 matches found

Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-17229 · WordPress · Wp-Recall

Name of the Vulnerable Software and Affected Versions: WP-Recall – Registration, Profile, Commerce & More plugin for WordPress versions up to, and including, 16.26.6 Description: The issue is related to unauthorized loss of data due to a missing capability check on the delete payment function. Th...

CVSS 5.3 · AI score 7 · EPSS 0.00393
Exploits 0 · References 8

Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-18629 · WordPress · Countdown

Name of the Vulnerable Software and Affected Versions: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8 Description: The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing...

CVSS 5.4 · AI score 7.1 · EPSS 0.00317
Exploits 0 · References 12

Positive Technologies
added 2024/06/05 12:0 a.m. · 2 views

PT-2024-32870 · WordPress · Boostify Header Footer Builder

Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3 Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...

CVSS 4.3 · AI score 6.7 · EPSS 0.00343
Exploits 0 · References 7

NVD
added 2024/06/04 6:15 a.m. · 17 views

CVE-2024-3555

The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the importlinkpages function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...

CVSS 7.2 · AI score 6.8 · EPSS 0.00312
Exploits 0 · References 2

NVD
added 2024/06/04 6:15 a.m. · 14 views

CVE-2024-1717

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handleajaxcall function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS 4.3 · AI score 4.3 · EPSS 0.00383
Exploits 0 · References 3

WPVulnDB
added 2024/06/04 12:0 a.m. · 9 views

Gutenberg Blocks and Page Layouts – Attire Blocks < 1.9.3 - Missing Authorization

Description: The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated...

CVSS 4.3 · AI score 6.5 · EPSS 0.0028
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/06/01 8:15 a.m. · 19 views

CVE-2024-4958

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...

CVSS 7.1 · AI score 6.8 · EPSS 0.00334
Exploits 0 · References 2

Cvelist
added 2024/06/01 7:35 a.m. · 24 views

CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...

CVSS 7.1 · AI score 6.8 · EPSS 0.00334
Exploits 0 · References 2

NVD
added 2024/06/01 7:15 a.m. · 12 views

CVE-2024-1324

The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a norpriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 5.5 · EPSS 0.00349
Exploits 0 · References 2

OSV
added 2024/05/31 6:15 a.m. · 4 views

CVE-2024-4205

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00341
Exploits 0 · References 3

WPVulnDB
added 2024/05/31 12:0 a.m. · 21 views

wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification

Description: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it...

CVSS 7.3 · AI score 6.6 · EPSS 0.00325
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/31 12:0 a.m. · 4 views

PT-2024-29709 · WordPress · Premium Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.31 Description: The issue allows authenticated attackers with subscriber-level access and above to retrieve Elementor template data due to a missing...

CVSS 4.3 · AI score 6.7 · EPSS 0.00341
Exploits 0 · References 6

NVD
added 2024/05/30 11:15 a.m. · 32 views

CVE-2024-5326

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...

CVSS 8.8 · AI score 8.4 · EPSS 0.01426
Exploits 1 · References 4

CVE
added 2024/05/30 10:59 a.m. · 75 views

CVE-2024-5326

The CVE-2024-5326 issue affects the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (versions up to 4.1.2). It has a missing capability check in postx_presets_callback that lets authenticated attackers with Contributor-level access and above modify arbitrary options,...

CVSS 8.8 · AI score 8.3 · EPSS 0.01426
Exploits 1 · References 4

NVD
added 2024/05/30 9:15 a.m. · 18 views

CVE-2024-4427

The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...

CVSS 4.3 · AI score 4.7 · EPSS 0.00264
Exploits 0 · References 2

NVD
added 2024/05/30 9:15 a.m. · 15 views

CVE-2024-4355

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it possible for...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits 0 · References 3

Cvelist
added 2024/05/30 8:30 a.m. · 21 views

CVE-2024-4355 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information Exposure

The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it possible for...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits 0 · References 3

CVE
added 2024/05/30 8:30 a.m. · 47 views

CVE-2024-4427

CVE-2024-4427 concerns the WordPress plugin Comparison Slider. The vulnerability exists in all versions up to and including 1.0.5 due to a missing capability check on several AJAX actions. This can allow authenticated attackers with subscriber access or higher to modify data, including plugin s...

CVSS 4.3 · AI score 4.7 · EPSS 0.00264
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/05/30 4:31 a.m. · 13 views

CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

CVSS 5 · AI score 6.5 · EPSS 0.00316
Exploits 0 · References 2

CVE
added 2024/05/30 4:31 a.m. · 85 views

CVE-2024-3277

CVE-2024-3277 affects the WordPress plugin “Yumpu ePaper publishing” (versions

CVSS 5 · AI score 5.2 · EPSS 0.00316
Exploits 0 · References 3