
5256 matches found

CVE
added 2024/05/24 5:30 a.m. · 57 views

CVE-2024-0867

CVE-2024-0867 – Email Log (WordPress) vulnerability : Unauthenticated Hook Injection in all versions up to 2.4.8 via check_nonce. An attacker can execute actions with hooks without authentication under conditions where a nonce check is present and a nonce is known, and where there is no capabilit...

8.1 CVSS · 8.2 AI score · 0.00824 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/24 12:0 a.m. · 4 views

PT-2024-15876 · WordPress · Email Log

Name of the Vulnerable Software and Affected Versions: Email Log plugin for WordPress versions up to, and including, 2.4.8 Description: The issue allows unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. This is possible when the action the attacker...

8.1 CVSS · 7 AI score · 0.00824 EPSS
Exploits 0 · References 6
NVD
added 2024/05/23 6:15 a.m. · 9 views

CVE-2024-3626

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This...

4.3 CVSS · 4.6 AI score · 0.00369 EPSS
Exploits 0 · References 4
Cvelist
added 2024/05/23 5:32 a.m. · 17 views

CVE-2024-3711 Brizy – Page Builder <= 2.4.43 - Missing Authorization

The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions actionrequestdisable, actionchangetemplate, and actionrequestenable in all versions up to, and including, 2.4.43. This makes it possible for...

4.3 CVSS · 4.7 AI score · 0.00343 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 5:32 a.m. · 7 views

CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17. This...

4.3 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 4
CVE
added 2024/05/23 5:32 a.m. · 77 views

CVE-2024-3626

CVE-2024-3626: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin has a Missing Authorization flaw in get_template_content that allows authenticated users with subscriber access and above to read private and password‑protected po...

4.3 CVSS · 4.6 AI score · 0.00369 EPSS
Exploits 0 · References 4
Cvelist
added 2024/05/23 4:30 a.m. · 20 views

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits 0 · References 3
CVE
added 2024/05/23 4:30 a.m. · 60 views

CVE-2023-6325

CVE-2023-6325 concerns the RomethemeForm For Elementor WordPress plugin. The vulnerability arises from a missing capability check in export_entries, rtformnewform, and rtformupdate, affecting all versions up to 1.1.5. Consequences include unauthenticated export of form submissions, creation of ne...

5.3 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/23 4:30 a.m. · 15 views

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3 CVSS · 6.9 AI score · 0.00378 EPSS
Exploits 0 · References 3
WPVulnDB
added 2024/05/23 12:0 a.m. · 14 views

Schema App Structured Data <= 2.2.0 - Missing Authorization

Description The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber access...

4.3 CVSS · 4.6 AI score · 0.00343 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 5 views

PT-2024-14928 · WordPress · Romethemeform For Elementor

Name of the Vulnerable Software and Affected Versions: RomethemeForm For Elementor plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows unauthorized access and modification of data due to a missing capability check on the export entries, rtformnewform, and...

5.3 CVSS · 7.2 AI score · 0.00378 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/05/23 12:0 a.m. · 5 views

PT-2024-26937 · Icegram Express · Email Subscribers

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.17 Description: The issue allows authenticated attackers with subscriber access and above to...

4.3 CVSS · 6.5 AI score · 0.00369 EPSS
Exploits 0 · References 6
CVE
added 2024/05/22 8:31 a.m. · 60 views

CVE-2024-2036

CVE-2024-2036 affects the WordPress plugin ApplyOnline – Application Form Builder and Manager. Root cause is a missing capability check on the aol_modal_box AJAX action, making data exposure possible for authenticated users with subscriber access or higher in all versions up to and including 2.6....

4.3 CVSS · 5.9 AI score · 0.00369 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/05/22 6:50 a.m. · 13 views

CVE-2024-3663 WP Scraper <= 5.7 - Missing Authorization to Arbitrary Page/Post Creation

The WP Scraper plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_scraper_multi_scrape_action function in all versions up to, and including, 5.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create...

4.3 CVSS · 6.6 AI score · 0.00343 EPSS
Exploits 0 · References 3
CVE
added 2024/05/22 6:50 a.m. · 49 views

CVE-2024-3663

CVE-2024-3663 affects the WordPress plugin WP Scraper. A missing capability check in wp_scraper_multi_scrape_action() allows authenticated users with subscriber+ privileges to create arbitrary pages/posts on all versions up to 5.7. Impact per sources: unauthorized content creation within the site...

4.3 CVSS · 4.8 AI score · 0.00343 EPSS
Exploits 0 · References 3
OSV
added 2024/05/22 4:15 a.m. · 2 views

CVE-2024-0451

The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openaifilelistcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to lis...

5 CVSS · 5.8 AI score · 0.00383 EPSS
Exploits 0 · References 3
OSV
added 2024/05/22 4:15 a.m. · 6 views

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

7.7 CVSS · 5.8 AI score
Exploits 0 · References 3
NVD
added 2024/05/22 4:15 a.m. · 25 views

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openaifileuploadcallback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

7.7 CVSS · 5.3 AI score · 0.00363 EPSS
Exploits 0 · References 3
OSV
added 2024/05/22 4:15 a.m. · 3 views

CVE-2024-0453

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

7.7 CVSS · 5.8 AI score
Exploits 0 · References 3
CVE
added 2024/05/22 3:17 a.m. · 59 views

CVE-2024-0453

CVE-2024-0453 describes a vulnerability in the WordPress plugin AI ChatBot for WordPress (WPBot) where a missing capability check in openai_file_delete_callback allows authenticated users with subscriber-level access and above to delete files from a linked OpenAI account. The issue affects all ve...

7.7 CVSS · 5.2 AI score · 0.00363 EPSS
Exploits 0 · References 3 · Affected Software 1