5256 matches found
CVE-2024-0867
CVE-2024-0867 – Email Log (WordPress) vulnerability : Unauthenticated Hook Injection in all versions up to 2.4.8 via check_nonce. An attacker can execute actions with hooks without authentication under conditions where a nonce check is present and a nonce is known, and where there is no capabilit...
PT-2024-15876 · WordPress · Email Log
Name of the Vulnerable Software and Affected Versions: Email Log plugin for WordPress versions up to, and including, 2.4.8 Description: The issue allows unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. This is possible when the action the attacker...
CVE-2024-3626
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 5.7.17. This...
CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions actionrequestdisable, actionchangetemplate, and actionrequestenable in all versions up to, and including, 2.4.43. This makes it possible for...
CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including, 5.7.17. This...
CVE-2024-3626
CVE-2024-3626: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin has a Missing Authorization flaw in get_template_content that allows authenticated users with subscriber access and above to read private and password‑protected po...
CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the exportentries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
CVE-2023-6325
CVE-2023-6325 concerns the RomethemeForm For Elementor WordPress plugin. The vulnerability arises from a missing capability check in export_entries, rtformnewform, and rtformupdate, affecting all versions up to 1.1.5. Consequences include unauthenticated export of form submissions, creation of ne...
CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the exportentries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...
Schema App Structured Data <= 2.2.0 - Missing Authorization
Description The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access...
PT-2024-14928 · WordPress · Romethemeform For Elementor
Name of the Vulnerable Software and Affected Versions: RomethemeForm For Elementor plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the export entries, rtformnewform, and...
PT-2024-26937 · Icegram Express · Email Subscribers
Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.17 Description: The issue allows authenticated attackers with subscriber access and above to...
CVE-2024-2036
CVE-2024-2036 affects the WordPress plugin ApplyOnline – Application Form Builder and Manager. Root cause is a missing capability check on the aol_modal_box AJAX action, making data exposure possible for authenticated users with subscriber access or higher in all versions up to and including 2.6....
CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation
The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpscrapermultiscrapeaction function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...
CVE-2024-3663
CVE-2024-3663 affects the WordPress plugin WP Scraper. A missing capability check in wp_scraper_multi_scrape_action() allows authenticated users with subscriber+ privileges to create arbitrary pages/posts on all versions up to 5.7. Impact per sources: unauthorized content creation within the site...
CVE-2024-0451
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openaifilelistcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to lis...
CVE-2024-0452
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0452
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0453
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifiledeletecallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-0453
CVE-2024-0453 describes a vulnerability in the WordPress plugin AI ChatBot for WordPress (WPBot) where a missing capability check in openai_file_delete_callback allows authenticated users with subscriber-level access and above to delete files from a linked OpenAI account. The issue affects all ve...