5253 matches found
CVE-2024-4351
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
CVE-2024-4352
CVE-2024-4352 affects Tutor LMS Pro for WordPress. The Red Hat and NVD entries confirm a missing capability check in the function get_calendar_materials, enabling unauthorized access and data modification/loss. It also permits SQL Injection via the year parameter due to insufficient escaping and ...
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'getcalendarmaterials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to...
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
CVE-2024-4351 Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
CVE-2024-4222 Tutor LMS Pro <= 2.7.0 - Missing Authorization
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or dele...
CVE-2024-4222
CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...
CVE-2024-4223
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...
CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...
CVE-2024-4223
CVE-2024-4223 affects Tutor LMS – eLearning and online course solution (WordPress plugin) up to version 2.7.0. A missing capability check enables unauthenticated attackers to add, modify, or delete data via HTTP requests (network vector). Wordfence lists a patched status for this CVE, indicating ...
CVE-2024-3750
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
CVE-2024-3750 Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...
CVE-2024-3750
CVE-2024-3750 affects Visualizer: Tables and Charts Manager for WordPress. Root cause: missing capability check in getQueryData() across all versions up to 3.10.15, enabling authenticated users with subscriber-level access and above to run arbitrary SQL queries, with potential privilege escalatio...
VulnCheck KEV: CVE-2024-4351
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with...
PT-2024-26890 · WordPress · Reviewx
Name of the Vulnerable Software and Affected Versions: The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress versions prior to 1.6.28 Description: The issue allows authenticated attackers with subscriber access and above to delete attachments due to a missing capabili...
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-4010
CVE-2024-4010 affects the WordPress plugin Email Subscribers by Icegram Express (all versions up to 5.7.19). The root cause is a missing capability check in handle_ajax_request, enabling authenticated users with subscriber-level access and above to perform unauthorized actions that compromise con...