
5256 matches found

NVD
added 2024/05/30 4:15 a.m. · 17 views

CVE-2024-3269

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...

CVSS 5.4 · AI score 5.5 · EPSS 0.00298
Exploits: 0 · References: 2

Cvelist
added 2024/05/30 3:34 a.m. · 25 views

CVE-2024-3269 Download Monitor <= 4.9.13 - Missing Authorization

The Download Monitor plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the dlmuninstallplugin function in all versions up to, and including, 4.9.13. This makes it possible for authenticated attackers to uninstall the plugin and delete...

CVSS 5.4 · AI score 5.5 · EPSS 0.00298
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-31095 · WordPress · Comparison Slider

Name of the Vulnerable Software and Affected Versions: Comparison Slider plugin for WordPress versions up to, and including, 1.0.5 Description: The issue allows authenticated attackers with subscriber access or above to modify data due to a missing capability check on several AJAX actions. This...

CVSS 4.3 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/30 12:0 a.m. · 13 views

PT-2024-24841 · WordPress · Yumpu Epaper Publishing Plugin

Name of the Vulnerable Software and Affected Versions: Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier Description: The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing...

CVSS 5 · AI score 6.7 · EPSS 0.00316
Exploits: 0 · References: 5

NVD
added 2024/05/29 4:15 a.m. · 18 views

CVE-2024-0434

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVSS 5.3 · AI score 5.5 · EPSS 0.00389
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/29 3:30 a.m. · 13 views

CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVSS 5.3 · AI score 6.7 · EPSS 0.00389
Exploits: 0 · References: 3

WPVulnDB
added 2024/05/29 12:0 a.m. · 13 views

AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization

Description: The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 9.8 · AI score 6.6 · EPSS 0.00344
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 3 views

PT-2024-15558 · WordPress · Wptravelly

Name of the Vulnerable Software and Affected Versions: WpTravelly plugin for WordPress versions prior to 1.7.2 Description: The issue allows unauthorized modification of data due to a missing capability check on the ttbm new place save function. This enables unauthenticated attackers to create an...

CVSS 5.3 · AI score 7 · EPSS 0.00389
Exploits: 0 · References: 4

WPVulnDB
added 2024/05/28 12:0 a.m. · 10 views

WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly < 1.7.2 - Missing Authorization via ttbm_new_place_save

Description: The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVSS 5.3 · AI score 6.7 · EPSS 0.00389
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/05/25 3:15 a.m. · 5 views

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

CVSS 5.3 · AI score 5.8 · EPSS 0.00402
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/25 2:50 a.m. · 19 views

CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

CVSS 5.3 · AI score 6.7 · EPSS 0.00402
Exploits: 0 · References: 3

CVE
added 2024/05/25 2:50 a.m. · 91 views

CVE-2024-4858

CVE-2024-4858 affects the WordPress plugin Testimonial Carousel for Elementor (WordPress plugin). The vulnerability is due to a missing capability check in the function save_testimonials_option_callback, present in versions up to and including 10.2.0, enabling unauthenticated attackers to modify ...

CVSS 5.3 · AI score 5.5 · EPSS 0.00402
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/05/25 2:50 a.m. · 50 views

CVE-2024-4858 Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...

CVSS 5.3 · AI score 5.5 · EPSS 0.00402
Exploits: 0 · References: 3

Positive Technologies
added 2024/05/25 12:0 a.m. · 5 views

PT-2024-33154 · Openai · Openai Api

Name of the Vulnerable Software and Affected Versions: The Testimonial Carousel For Elementor plugin for WordPress versions up to, and including, 10.2.0 Description: The issue is related to a missing capability check on the save testimonials option callback function, allowing unauthorized...

CVSS 5.3 · AI score 6.3 · EPSS 0.00402
Exploits: 0 · References: 8

OSV
added 2024/05/24 7:15 a.m. · 3 views

CVE-2024-1376

The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...

CVSS 4.3 · AI score 5.8 · EPSS 0.0028
Exploits: 0 · References: 2

OSV
added 2024/05/24 7:15 a.m. · 4 views

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3 · AI score 5.8 · EPSS 0.00343
Exploits: 0 · References: 2

NVD
added 2024/05/24 7:15 a.m. · 22 views

CVE-2024-0893

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits: 0 · References: 3

CVE
added 2024/05/24 6:42 a.m. · 58 views

CVE-2024-1376

CVE-2024-1376 affects the WordPress plugin Event post by WordPress.org, where a missing capability check in the save_bulkdatas function allowed authenticated users with subscriber-level access or higher to bulk-update post_meta_data in all versions up to and including 5.9.4. The Red Hat and Wordf...

CVSS 4.3 · AI score 4.7 · EPSS 0.0028
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/05/24 6:42 a.m. · 21 views

CVE-2024-0893 Schema App Structured Data <= 2.2.0 - Missing Authorization

The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access or higher, ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/24 5:30 a.m. · 9 views

CVE-2024-0867 Email Log <= 2.4.8 - Unauthenticated Hook Injection

The Email Log plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 2.4.8 via the checknonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the...

CVSS 8.1 · AI score 8.2 · EPSS 0.00824
Exploits: 0 · References: 3