5256 matches found
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.18 - Missing Authorization
Description: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including,...
PT-2024-15571 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4. Description: The issue is related to a missing capability check on the openai file upload callback function, allowing authenticated attackers with subscriber-level access an...
CVE-2024-3268
CVE-2024-3268 : The WordPress plugin “YouTube Video Gallery by YouTube Showcase – Video Gallery” is vulnerable to unauthorized modification of data due to a missing capability check in emd_form_builder_lite_submit_form. The issue affects all versions up to 3.3.6, enabling unauthenticated attacker...
CVE-2024-4875
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...
CVE-2024-4566
The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...
CVE-2024-4566
CVE-2024-4566 affects ShopLentor – WooCommerce Builder for WordPress. Wordfence and Red Hat entries confirm a missing capability check in ajax_dismiss across all versions
CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...
CVE-2024-4875
CVE-2024-4875 affects the HT Mega – Absolute Addons For Elementor WordPress plugin. A missing capability check in ajax_dismiss in versions up to 2.5.2 allows authenticated users with subscriber-level permissions and above to modify options such as users_can_register, enabling unauthorized user re...
AI ChatBot < 5.3.6 - Missing Authorization via openai_file_delete_callback
Description: The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...
ShopLentor < 2.8.9 - Authenticated Option Update
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...
HT Mega < 2.5.3 - Subscriber+ Options Update
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_dismiss' function, allowing authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user...
PT-2024-24765 · WordPress · The Youtube Video Gallery By Youtube Showcase
Name of the Vulnerable Software and Affected Versions: The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress versions up to, and including, 3.3.6. Description: The issue allows unauthorized modification of data due to a missing capability check on the emd form builder...
PT-2024-31719 · Unknown +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8. Description: The issue is related to a missing capability check on the ajax_dismiss function, which allows authenticated attackers with contributor-level access and above to...
Fastly < 1.2.26 - Missing Authorization via AJAX actions
Description: The Fastly plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the plugin's AJAX actions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
VulnCheck KEV: CVE-2024-2782
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...
VulnCheck KEV: CVE-2024-2771
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This...
CVE-2024-2771
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...
CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...
CVE-2024-2771
CVE-2024-2771 affects the Contact Form Plugin by Fluent Forms for WordPress. The issue is an unauthenticated privilege-escalation caused by a missing capability check on the REST endpoint /wp-json/fluentform/v1/managers. Vulnerable in all versions up to 5.1.16, allowing an unauthenticated attacke...
CVE-2024-3609
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...