CVE-2024-4199
CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...
Visualizer: Tables and Charts Manager for WordPress < 3.11.0 - Missing Authorization to Arbitrary SQL Execution
Description: The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData function in all versions up to, and including, 3.10.15. This makes it possible for...
MC Woocommerce Wishlist < 1.7.3 - Missing Authorization
Description: The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.2. This makes it possible for...
If-So Dynamic Content Personalization < 1.7.1.1 - Missing Authorization
Description: The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eddifsoclearlicense function in versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to clea...
Flo Forms <= 1.0.42 - Missing Authorization
Description: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.42. This makes it possible for unauthenticated attackers to perform an unauthorized action...
PT-2024-30595 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions up to, and including, 2.7.0 Description: The issue allows for unauthorized access, modification, and loss of data due to a missing capability check on the authenticate function. This enables...
PT-2024-29678 · WordPress · Bulk Posts Editing For Wordpress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3 Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...
CVE-2024-4445
The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-0870
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to...
CVE-2024-4280
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...
CVE-2024-1693
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-1229
The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybedisconnectsimpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleSh...
CVE-2023-6327
The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...
CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization
The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-0870
CVE-2024-0870 (YITH WooCommerce Gift Cards for WordPress) is an unauthenticated data-modification vulnerability caused by a missing capability check on save_mail_status and save_email_settings. Affected versions are all up to and including 4.12.0. The issue enables unauthenticated attackers to mo...
Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request
Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible f...
CVE-2024-4280
CVE-2024-4280 concerns the White Label CMS plugin for WordPress. The vulnerability arises from a missing capability check in the reset_plugin function, affecting all versions up to and including 2.7.3, which could allow unauthenticated attackers to reset plugin settings. The CVE is documented as ...
PT-2024-30172 · WordPress · White Label Cms
Name of the Vulnerable Software and Affected Versions: White Label CMS plugin for WordPress versions prior to 2.7.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the reset plugin function. This makes it possible for unauthenticated attackers ...