
5251 matches found

CVE
added 2024/05/15 1:56 a.m. · 41 views

CVE-2024-4199

CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...

CVSS 4.3 · AI score 6.2 · EPSS 0.00296
Exploits 0 · References 2

WPVulnDB
added 2024/05/15 12:0 a.m. · 17 views

Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution

Description: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...

CVSS 8.8 · AI score 7.3 · EPSS 0.00614
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/15 12:0 a.m. · 18 views

MC Woocommerce Wishlist < 1.7.3 - Missing Authorization

Description: The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.2. This makes it possible for...

CVSS 5.3 · AI score 7 · EPSS 0.00408
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/15 12:0 a.m. · 17 views

If-So Dynamic Content Personalization < 1.7.1.1 - Missing Authorization

Description: The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eddifsoclearlicense function in versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to clea...

CVSS 6.5 · AI score 6.9 · EPSS 0.00437
Exploits 0 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/15 12:0 a.m. · 16 views

Flo Forms <= 1.0.42 - Missing Authorization

Description: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.42. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 5.3 · AI score 5.1 · EPSS 0.00327
Exploits 0 · References 1

Positive Technologies
added 2024/05/15 12:0 a.m. · 7 views

PT-2024-30595 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows for unauthorized access, modification, and loss of data due to a missing capability check on the authenticate function. This enables...

CVSS 9 · AI score 7 · EPSS 0.01023
Exploits 0 · References 10

Positive Technologies
added 2024/05/15 12:0 a.m. · 7 views

PT-2024-29678 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3 Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...

CVSS 4.3 · AI score 6.5 · EPSS 0.00296
Exploits 0 · References 4

OSV
added 2024/05/14 4:17 p.m. · 4 views

CVE-2024-4445

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 · AI score 5.7 · EPSS 0.00343
Exploits 0 · References 3

NVD
added 2024/05/14 4:17 p.m. · 33 views

CVE-2024-4445

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 · AI score 6.4 · EPSS 0.00343
Exploits 0 · References 3

NVD
added 2024/05/14 4:15 p.m. · 16 views

CVE-2024-0870

The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savemailstatus' and 'saveemailsettings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.5 · EPSS 0.00504
Exploits 0 · References 2

NVD
added 2024/05/14 3:43 p.m. · 14 views

CVE-2024-4280

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

CVSS 5.3 · AI score 5.5 · EPSS 0.00425
Exploits 0 · References 2

NVD
added 2024/05/14 2:48 p.m. · 11 views

CVE-2024-1693

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 4.3 · AI score 4.8 · EPSS 0.0042
Exploits 0 · References 2

NVD
added 2024/05/14 2:45 p.m. · 11 views

CVE-2024-1229

The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybedisconnectsimpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleSh...

CVSS 5.3 · AI score 5.5 · EPSS 0.00623
Exploits 0 · References 3

OSV
added 2024/05/14 2:33 p.m. · 4 views

CVE-2023-6327

The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...

CVSS 5.3 · AI score 5.8 · EPSS 0.00676
Exploits 0 · References 3

Cvelist
added 2024/05/14 5:32 a.m. · 28 views

CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 · AI score 7 · EPSS 0.00343
Exploits 0 · References 3

Vulnrichment
added 2024/05/14 5:32 a.m. · 14 views

CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 6.5 · AI score 6.4 · EPSS 0.00343
Exploits 0 · References 3

CVE
added 2024/05/14 2:38 a.m. · 45 views

CVE-2024-0870

CVE-2024-0870 (YITH WooCommerce Gift Cards for WordPress) is an unauthenticated data-modification vulnerability caused by a missing capability check on save_mail_status and save_email_settings. Affected versions are all up to and including 4.12.0. The issue enables unauthenticated attackers to mo...

CVSS 5.3 · AI score 6 · EPSS 0.00504
Exploits 0 · References 2

WPVulnDB
added 2024/05/14 12:0 a.m. · 18 views

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible f...

CVSS 8.8 · AI score 7.3 · EPSS 0.00392
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/05/10 5:34 a.m. · 44 views

CVE-2024-4280

CVE-2024-4280 concerns the White Label CMS plugin for WordPress. The vulnerability arises from a missing capability check in the reset_plugin function, affecting all versions up to and including 2.7.3, which could allow unauthenticated attackers to reset plugin settings. The CVE is documented as ...

CVSS 5.3 · AI score 6.6 · EPSS 0.00425
Exploits 0 · References 2

Positive Technologies
added 2024/05/10 12:0 a.m. · 6 views

PT-2024-30172 · WordPress · White Label Cms

Name of the Vulnerable Software and Affected Versions: White Label CMS plugin for WordPress versions prior to 2.7.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the reset plugin function. This makes it possible for unauthenticated attackers ...

CVSS 5.3 · AI score 7.2 · EPSS 0.00425
Exploits 0 · References 3