
5256 matches found

WPVulnDB
added 2024/05/22 12:0 a.m. · 14 views

Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce < 5.7.18 - Missing Authorization

Description: The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gettemplatecontent function in all versions up to, and including,...

CVSS 4.3 · AI score 9 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/22 12:0 a.m. · 7 views

PT-2024-15571 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4
Description: The issue is related to a missing capability check on the openai file upload callback function, allowing authenticated attackers with subscriber-level access an...

CVSS 7.7 · AI score 6.3 · EPSS 0.00363
Exploits 0 · References 8

CVE
added 2024/05/21 11:33 a.m. · 69 views

CVE-2024-3268

CVE-2024-3268 : The WordPress plugin “YouTube Video Gallery by YouTube Showcase – Video Gallery” is vulnerable to unauthorized modification of data due to a missing capability check in emd_form_builder_lite_submit_form. The issue affects all versions up to 3.3.6, enabling unauthenticated attacker...

CVSS 5.3 · AI score 5.6 · EPSS 0.00326
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/05/21 9:15 a.m. · 8 views

CVE-2024-4875

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00755
Exploits 1 · References 3

OSV
added 2024/05/21 9:15 a.m. · 4 views

CVE-2024-4566

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...

CVSS 7.1 · AI score 5.8 · EPSS 0.00406
Exploits 0 · References 3

CVE
added 2024/05/21 8:31 a.m. · 69 views

CVE-2024-4566

CVE-2024-4566 affects ShopLentor – WooCommerce Builder for WordPress. Wordfence and Red Hat entries confirm a missing capability check in ajax_dismiss across all versions

CVSS 7.1 · AI score 6.4 · EPSS 0.00406
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/05/21 8:31 a.m. · 33 views

CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 4.7 · EPSS 0.00755
Exploits 1 · References 3

CVE
added 2024/05/21 8:31 a.m. · 66 views

CVE-2024-4875

CVE-2024-4875 affects the HT Mega – Absolute Addons For Elementor WordPress plugin. A missing capability check in ajax_dismiss in versions up to 2.5.2 allows authenticated users with subscriber-level permissions and above to modify options such as users_can_register, enabling unauthorized user re...

CVSS 4.3 · AI score 6.3 · EPSS 0.00755
Exploits 1 · References 3 · Affected Software 1

WPVulnDB
added 2024/05/21 12:0 a.m. · 11 views

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_delete_callback

Description: The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 7.7 · AI score 6.4 · EPSS 0.00363
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/21 12:0 a.m. · 8 views

ShopLentor < 2.8.9 - Authenticated Option Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...

CVSS 7.1 · AI score 6.6 · EPSS 0.00406
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/21 12:0 a.m. · 12 views

HT Mega < 2.5.3 - Subscriber+ Options Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_dismiss' function, allowing authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user...

CVSS 4.3 · AI score 6.5 · EPSS 0.00755
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2024/05/21 12:0 a.m. · 5 views

PT-2024-24765 · WordPress · The Youtube Video Gallery By Youtube Showcase

Name of the Vulnerable Software and Affected Versions: The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress versions up to, and including, 3.3.6
Description: The issue allows unauthorized modification of data due to a missing capability check on the emd form builder...

CVSS 5.3 · AI score 7 · EPSS 0.00326
Exploits 0 · References 7

Positive Technologies
added 2024/05/21 12:0 a.m. · 6 views

PT-2024-31719 · Unknown +1 · Woocommerce +1

Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8
Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...

CVSS 7.1 · AI score 6.8 · EPSS 0.00406
Exploits 0 · References 7

WPVulnDB
added 2024/05/20 12:0 a.m. · 24 views

Fastly < 1.2.26 - Missing Authorization via AJAX actions

Description: The Fastly plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the plugin's AJAX actions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS 5.3 · AI score 6.1 · EPSS 0.00364
Exploits 0 · References 1 · Affected Software 1

VulnCheck KEV
added 2024/05/20 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 · AI score 5.8 · EPSS 0.0123
Exploits 0 · References 1

VulnCheck KEV
added 2024/05/20 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This...

CVSS 9.8 · AI score 5.8 · EPSS 0.02333
Exploits 1 · References 1

NVD
added 2024/05/18 8:15 a.m. · 38 views

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

CVSS 9.8 · AI score 6.9 · EPSS 0.02333
Exploits 1 · References 2

Cvelist
added 2024/05/18 7:38 a.m. · 48 views

CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes ...

CVSS 9.8 · AI score 7.2 · EPSS 0.02333
Exploits 1 · References 2

CVE
added 2024/05/18 7:38 a.m. · 193 views

CVE-2024-2771

CVE-2024-2771 affects the Contact Form Plugin by Fluent Forms for WordPress. The issue is an unauthenticated privilege escalation caused by a missing capability check on the REST endpoint /wp-json/fluentform/v1/managers. Vulnerable in all versions up to 5.1.16, allowing an unauthenticated attacke...

CVSS 9.8 · AI score 7.7 · EPSS 0.02333
Exploits 1 · References 2 · Affected Software 1

NVD
added 2024/05/16 9:16 p.m. · 21 views

CVE-2024-3609

The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...

CVSS 4.3 · AI score 4.7 · EPSS 0.0037
Exploits 0 · References 2