
5251 matches found

WPVulnDB
added 2024/05/07 12:0 a.m. · 8 views

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description: The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.8 · EPSS 0.0042
Exploits 0 · References 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 15 views

Debug Log Manager < 2.3.2 - Missing Authorization via toggle_debugging

Description: The Debug Log Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_debugging function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00337
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 14 views

WooCommerce AWeber Newsletter Subscription < 4.0.3 - Missing Authorization to Access Token Modification

Description: The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 4.0.2. This makes it possible for unauthenticated attackers to reset and change...

CVSS 6.5 · AI score 6.8 · EPSS 0.00475
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 24 views

RomethemeKit For Elementor < 1.4.2 - Missing Authorization

Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost function in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to add new posts...

CVSS 6.5 · AI score 6.7 · EPSS 0.00438
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 9 views

Google Typography <= 1.1.2 - Missing Authorization

Description: The Google Typography plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

CVSS 4.3 · AI score 6.3 · EPSS 0.00445
Exploits 0 · References 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 17 views

WP Post Author <= 3.6.5 - Missing Authorization

Description: The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function allowing authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

CVSS 4.3 · AI score 4.8 · EPSS 0.00358
Exploits 0 · References 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 18 views

Post Grid Master < 3.4.8 - Missing Authorization

Description: The Post Grid Master plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ampostgridloadpostsajaxfunctions function in versions up to, and including, 3.4.7. This makes it possible for unauthenticated attackers to load posts...

CVSS 5.3 · AI score 6.7 · EPSS 0.00449
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/05/07 12:0 a.m. · 18 views

Custom WooCommerce Checkout Fields Editor < 1.3.2 - Missing Authorization

Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 6.4 · EPSS 0.00441
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2024/05/04 7:36 a.m. · 12 views

CVE-2024-1050 Import and export users and customers <= 1.26.5 - Missing Authorization

The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxforceresetpassworddeletemetas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 5.9 · EPSS 0.00431
Exploits 0 · References 3
CVE
added 2024/05/04 3:31 a.m. · 64 views

CVE-2024-3237

CVE-2024-3237 affects ConvertPlug/ConvertPlus for WordPress: all versions up to 3.5.25 lack a capability check in cp_dismiss_notice(), enabling authenticated users with subscriber-level access and higher to modify arbitrary options to true. Red Hat and Wordfence references confirm the vulnerabili...

CVSS 5.4 · AI score 6.5 · EPSS 0.00368
Exploits 0 · References 2
Cvelist
added 2024/05/04 3:31 a.m. · 27 views

CVE-2024-3237 ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS 5.4 · AI score 6.5 · EPSS 0.00368
Exploits 0 · References 2
WPVulnDB
added 2024/05/03 12:0 a.m. · 10 views

ConvertPlug < 3.5.26 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update

Description: The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 5.4 · AI score 6.6 · EPSS 0.00368
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-16320 · WordPress · Export/Import Users/Customers

Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.26.5
Description: The issue is related to a missing capability check on the ajax force reset password delete metas function, allowing authenticated...

CVSS 4.3 · AI score 6.8 · EPSS 0.00431
Exploits 0 · References 9
Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-24538 · WordPress · Convertplug

Name of the Vulnerable Software and Affected Versions: ConvertPlug plugin for WordPress versions up to, and including, 3.5.25
Description: The issue is related to a missing capability check on the cp dismiss notice function, allowing authenticated attackers with subscriber-level access and above ...

CVSS 5.4 · AI score 6.8 · EPSS 0.00368
Exploits 0 · References 6
WPVulnDB
added 2024/05/03 12:0 a.m. · 17 views

Metform Elementor Contact Form Builder < 3.8.4 - Missing Authorization to Notice Dismissal

Description: The Metform Elementor Contact Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the dismissajaxcall function. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices...

CVSS 8.8 · AI score 6.8 · EPSS 0.00439
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/05/02 5:15 p.m. · 20 views

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 8.8 · AI score 8.4 · EPSS 0.00911
Exploits 0 · References 4
NVD
added 2024/05/02 5:15 p.m. · 26 views

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVSS 6.3 · AI score 6.2 · EPSS 0.00384
Exploits 0 · References 2
OSV
added 2024/05/02 5:15 p.m. · 2 views

CVE-2024-3607

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete...

CVSS 4.3 · AI score 5.9 · EPSS 0.00619
Exploits 0 · References 2
OSV
added 2024/05/02 5:15 p.m. · 6 views

CVE-2024-3606

The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for authenticated...

CVSS 4.3 · AI score 5.8 · EPSS 0.00454
Exploits 0 · References 2
NVD
added 2024/05/02 5:15 p.m. · 11 views

CVE-2024-3607

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete...

CVSS 4.3 · AI score 4.4 · EPSS 0.00619
Exploits 0 · References 2