PT-2024-17229 · WordPress · Wp-Recall
Name of the Vulnerable Software and Affected Versions: WP-Recall – Registration, Profile, Commerce & More plugin for WordPress versions up to, and including, 16.26.6
Description: The issue is related to unauthorized loss of data due to a missing capability check on the delete payment function. Th...
PT-2024-18629 · WordPress · Countdown
Name of the Vulnerable Software and Affected Versions: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8
Description: The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing...
PT-2024-32870 · WordPress · Boostify Header Footer Builder
Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3
Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...
CVE-2024-3555
The Social Link Pages: link-in-bio landing pages for your social media profiles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the importlinkpages function in all versions up to, and including, 1.6.9. This makes it possible for unauthenticated...
CVE-2024-1717
The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handleajaxcall function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Gutenberg Blocks and Page Layouts – Attire Blocks < 1.9.3 - Missing Authorization
Description: The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated...
CVE-2024-4958
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...
CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...
CVE-2024-1324
The QQWorld Auto Save Images plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the saveremoteimagesgetautosavedresults function hooked via a nopriv AJAX in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated...
CVE-2024-4205
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access a...
wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification
Description: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it...
PT-2024-29709 · WordPress · Premium Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.31
Description: The issue allows authenticated attackers with subscriber-level access and above to retrieve Elementor template data due to a missing...
CVE-2024-5326
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...
CVE-2024-5326
The CVE-2024-5326 issue affects the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (versions up to 4.1.2). It has a missing capability check in postx_presets_callback that lets authenticated attackers with Contributor-level access and above modify arbitrary options,...
CVE-2024-4427
The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...
CVE-2024-4355
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it possible for...
CVE-2024-4355 Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.23 - Missing Authorization to Information Exposure
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbotsgetajaxdata function in all versions up to, and including, 10.23. This makes it possible for...
CVE-2024-4427
CVE-2024-4427 concerns the WordPress plugin Comparison Slider. The vulnerability exists in all versions up to and including 1.0.5 due to a missing capability check on several AJAX actions. This can allow authenticated attackers with subscriber access or higher to modify data, including plugin s...
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3277
CVE-2024-3277 affects the WordPress plugin “Yumpu ePaper publishing” (versions