5256 matches found

Vulnrichment
added 2024/05/14 5:32 a.m. · 14 views

CVE-2024-4445 WP Compress – Image Optimizer [All-In-One] <= 6.20.01 - Missing Authorization

The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level...

6.5 CVSS · 6.4 AI score · 0.00343 EPSS
Exploits 0 · References 3
CVE
added 2024/05/14 2:38 a.m. · 45 views

CVE-2024-0870

CVE-2024-0870 (YITH WooCommerce Gift Cards for WordPress) is an unauthenticated data-modification vulnerability caused by a missing capability check on save_mail_status and save_email_settings. Affected versions are all up to and including 4.12.0. The issue enables unauthenticated attackers to mo...

5.3 CVSS · 6 AI score · 0.00504 EPSS
Exploits 0 · References 2
WPVulnDB
added 2024/05/14 12:0 a.m. · 18 views

Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request

Description: The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax_request function in all versions up to, and including, 5.7.19. This makes it possible f...

8.8 CVSS · 7.3 AI score · 0.00392 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/05/10 5:34 a.m. · 44 views

CVE-2024-4280

CVE-2024-4280 concerns the White Label CMS plugin for WordPress. The vulnerability arises from a missing capability check in the reset_plugin function, affecting all versions up to and including 2.7.3, which could allow unauthenticated attackers to reset plugin settings. The CVE is documented as ...

5.3 CVSS · 6.6 AI score · 0.00425 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/05/10 12:0 a.m. · 6 views

PT-2024-30172 · WordPress · White Label Cms

Name of the Vulnerable Software and Affected Versions: White Label CMS plugin for WordPress versions prior to 2.7.4
Description: The issue allows unauthorized modification of data due to a missing capability check on the reset plugin function. This makes it possible for unauthenticated attackers ...

5.3 CVSS · 7.2 AI score · 0.00425 EPSS
Exploits 0 · References 3
CVE
added 2024/05/09 8:3 p.m. · 68 views

CVE-2024-3915

CVE-2024-3915 affects the Swift Framework WordPress plugin (versions up to and including 2.7.31). The root cause is a missing capability check in sf_edit_directory_item(), enabling unauthenticated attackers to modify arbitrary posts/content. Impact per available data is limited to integrity (LOW)...

5.3 CVSS · 6.7 AI score · 0.00377 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/05/09 8:3 p.m. · 13 views

CVE-2024-3722 Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification

The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to retriev...

5.4 CVSS · 6.5 AI score · 0.00413 EPSS
Exploits 0 · References 2
CVE
added 2024/05/09 8:3 p.m. · 24 views

CVE-2024-3722

The CVE-2024-3722 entry concerns the Swift Performance Lite WordPress plugin. It describes an unauthorized access vulnerability caused by a missing capability check in ajax_handler(), affecting all versions up to and including 2.3.6.18. The issue can be exploited by authenticated attackers with s...

5.4 CVSS · 6.3 AI score · 0.00413 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/09 8:3 p.m. · 14 views

CVE-2023-6327 ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products

The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchas...

5.3 CVSS · 6.7 AI score · 0.00676 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/09 8:3 p.m. · 20 views

CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3 CVSS · 6.6 AI score · 0.0042 EPSS
Exploits 0 · References 2
CVE
added 2024/05/09 8:3 p.m. · 30 views

CVE-2024-1693

The CVE-2024-1693 vulnerability affects the SP Project & Document Manager WordPress plugin. It arises from a missing capability check on the cdm_save_category AJAX action, enabling authenticated users with subscriber-level access and higher to rename arbitrary folders they do not own. Affected ve...

4.3 CVSS · 6.4 AI score · 0.0042 EPSS
Exploits 0 · References 2
WPVulnDB
added 2024/05/09 12:0 a.m. · 41 views

Max Mega Menu < 3.3.1 - Missing Authorization

Description: The Max Mega Menu plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sandbox function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger the...

5.4 CVSS · 6.7 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/09 12:0 a.m. · 5 views

PT-2024-27388 · WordPress · Swift Performance Lite

Name of the Vulnerable Software and Affected Versions: Swift Performance Lite plugin for WordPress versions up to, and including, 2.3.6.18
Description: The issue allows authenticated attackers with subscriber-level access and above to retrieve and modify settings due to a missing capability check...

5.4 CVSS · 7 AI score · 0.00413 EPSS
Exploits 0 · References 3
WPVulnDB
added 2024/05/09 12:0 a.m. · 17 views

White Label CMS < 2.7.4 - Missing Authorization to Plugin Settings Reset

Description: The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_plugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

5.3 CVSS · 7 AI score · 0.00425 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/09 12:0 a.m. · 4 views

PT-2024-17530 · WordPress · Simpleshop

Name of the Vulnerable Software and Affected Versions: SimpleShop plugin for WordPress versions prior to 2.10.3
Description: The issue arises from a missing capability check on the maybe disconnect simpleshop function, allowing unauthenticated attackers to disconnect SimpleShop.
Recommendations:...

5.3 CVSS · 7 AI score · 0.00623 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/05/09 12:0 a.m. · 6 views

PT-2024-14930 · WordPress · Shoplentor

Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.7
Description: The issue allows unauthorized access to data due to a missing capability check on the purchased new products function. This enables unauthenticated attackers to...

5.3 CVSS · 6.9 AI score · 0.00676 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/05/09 12:0 a.m. · 6 views

PT-2024-28362 · WordPress · Swift Framework

Name of the Vulnerable Software and Affected Versions: Swift Framework plugin for WordPress versions prior to 2.7.32
Description: The issue allows unauthorized modification of data due to a missing capability check on the sf edit directory item function. This enables unauthenticated attackers to...

5.3 CVSS · 7.2 AI score · 0.00377 EPSS
Exploits 0 · References 3
WPVulnDB
added 2024/05/08 12:0 a.m. · 13 views

Swift Performance Lite < 2.3.6.19 - Subscriber+ Settings Update

Description: The plugin is vulnerable to unauthorized access due to a missing capability check on the ajax_handler function, allowing authenticated attackers, with subscriber-level access and above, to retrieve and modify settings...

5.4 CVSS · 6.2 AI score · 0.00413 EPSS
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/05/07 10:15 a.m. · 17 views

CVE-2023-6810

The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access and above, to...

4.3 CVSS · 4.7 AI score · 0.00367 EPSS
Exploits 0 · References 2
CVE
added 2024/05/07 9:31 a.m. · 100 views

CVE-2023-6810

The CVE describes CVE-2023-6810: ClickCease Click Fraud Protection (WordPress) has an improper capability check in get_settings, allowing authenticated users with author access and above to retrieve the plugin’s API keys. Affected versions are up to 3.2.4. The Red Hat entry and Wordfence state th...

4.3 CVSS · 6.3 AI score · 0.00367 EPSS
Exploits 0 · References 2