
5253 matches found

NVD
added 2024/05/16 10:15 a.m. · 29 views

CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8 CVSS · 8.6 AI score · 0.01023 EPSS
Exploits: 0 · References: 2
CVE
added 2024/05/16 9:32 a.m. · 73 views

CVE-2024-4352

CVE-2024-4352 affects Tutor LMS Pro for WordPress. The Red Hat and NVD entries confirm a missing capability check in the function get_calendar_materials, enabling unauthorized access and data modification/loss. It also permits SQL Injection via the year parameter due to insufficient escaping and ...

8.8 CVSS · 7 AI score · 0.01183 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2024/05/16 9:32 a.m. · 86 views

CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...

8.8 CVSS · 8.8 AI score · 0.01183 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/05/16 9:32 a.m. · 28 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

7.3 CVSS · 7.4 AI score · 0.00329 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/05/16 9:32 a.m. · 103 views

CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8 CVSS · 8.8 AI score · 0.01023 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/16 9:32 a.m. · 18 views

CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8 CVSS · 6.8 AI score · 0.01023 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/16 9:32 a.m. · 19 views

CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...

7.3 CVSS · 6.8 AI score · 0.00329 EPSS
Exploits: 0 · References: 2
CVE
added 2024/05/16 9:32 a.m. · 71 views

CVE-2024-4222

CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...

8.2 CVSS · 6.6 AI score · 0.00329 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/05/16 9:15 a.m. · 32 views

CVE-2024-4223

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...

9.8 CVSS · 9.4 AI score · 0.00522 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/16 8:32 a.m. · 16 views

CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization

The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...

9.8 CVSS · 6.8 AI score · 0.00522 EPSS
Exploits: 0 · References: 2
CVE
added 2024/05/16 8:32 a.m. · 62 views

CVE-2024-4223

CVE-2024-4223 affects Tutor LMS – eLearning and online course solution (WordPress plugin) up to version 2.7.0. A missing capability check enables unauthenticated attackers to add, modify, or delete data via HTTP requests (network vector). Wordfence lists a patched status for this CVE, indicating ...

9.8 CVSS · 6.6 AI score · 0.00522 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
NVD
added 2024/05/16 3:15 a.m. · 25 views

CVE-2024-3750

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

8.8 CVSS · 8.8 AI score · 0.00614 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2024/05/16 2:36 a.m. · 16 views

CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

8.8 CVSS · 7.2 AI score · 0.00614 EPSS
Exploits: 0 · References: 4
CVE
added 2024/05/16 2:36 a.m. · 69 views

CVE-2024-3750

CVE-2024-3750 affects Visualizer: Tables and Charts Manager for WordPress. Root cause: missing capability check in getQueryData() across all versions up to 3.10.15, enabling authenticated users with subscriber-level access and above to run arbitrary SQL queries, with potential privilege escalatio...

8.8 CVSS · 7.1 AI score · 0.00614 EPSS
Exploits: 0 · References: 4
VulnCheck KEV
added 2024/05/16 12:00 a.m. · 6 views

VulnCheck KEV: CVE-2024-4351

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...

8.8 CVSS · 5.8 AI score · 0.01023 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/16 12:00 a.m. · 8 views

PT-2024-26890 · WordPress · Reviewx

Name of the Vulnerable Software and Affected Versions: The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress versions prior to 1.6.28
Description: The issue allows authenticated attackers with subscriber access and above to delete attachments due to a missing capabili...

4.3 CVSS · 6.7 AI score · 0.0037 EPSS
Exploits: 0 · References: 4
NVD
added 2024/05/15 9:15 a.m. · 18 views

CVE-2024-4010

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8 CVSS · 8.9 AI score · 0.00392 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/05/15 8:34 a.m. · 13 views

CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8 CVSS · 7.7 AI score · 0.00392 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/05/15 8:34 a.m. · 25 views

CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible for...

8.8 CVSS · 9 AI score · 0.00392 EPSS
Exploits: 0 · References: 2
CVE
added 2024/05/15 8:34 a.m. · 43 views

CVE-2024-4010

CVE-2024-4010 affects the WordPress plugin Email Subscribers by Icegram Express (all versions up to 5.7.19). The root cause is a missing capability check in handle_ajax_request, enabling authenticated users with subscriber-level access and above to perform unauthorized actions that compromise con...

8.8 CVSS · 9.4 AI score · 0.00392 EPSS
Exploits: 0 · References: 2