5251 matches found
CVE-2023-7067
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...
CVE-2024-3601 Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email...
CVE-2024-3553
CVE-2024-3553 affects Tutor LMS for WordPress up to version 2.6.2. Root cause: hide_notices() lacked a proper capability check, enabling any authenticated user to modify users_can_register and enable registration via the admin page. Patch v2.7.0 adds current_user_can('manage_options') in addition...
CVE-2024-3553 Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable us...
CVE-2024-3936 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization
The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...
CVE-2024-3897 Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...
CVE-2023-6731
CVE-2023-6731 affects the WP Show Posts plugin for WordPress. The issue is a missing capability check on multiple AJAX functions, present in all versions up to and including 1.1.5. This enables authenticated attackers with subscriber+ privileges to access data they should not be able to view, spe...
CVE-2023-6731 WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure
The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...
CVE-2024-1716
CVE-2024-1716 targets the Admin Bar Remover plugin for WordPress. Connected sources confirm a missing capability check in update_form() across all versions up to 1.0.2.2, enabling authenticated attackers with subscriber-level access and above to toggle the frontend admin bar on target sites. The ...
CVE-2024-3607 PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete...
CVE-2024-2417 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the form_save_action function in all versions up to, and including, 3.1.5. This makes it possible for...
CVE-2024-2417
The CVE-2024-2417 entry affects the WordPress Plugin “User Registration – Custom Registration Form, Login Form, and User Profile” (versions up to 3.1.5). The root cause is a missing capability check in form_save_action(), allowing authenticated users with subscriber-level access and above to upda...
CVE-2024-3233 Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2024-3233
CVE-2024-3233 affects the Ivory Search – WordPress Search Plugin. It lacks a capability check in ajax_create_index(), allowing authenticated users with subscriber-level access and above to trigger index creation and potentially modify data in all versions up to 5.5.5. The initial description stat...
CVE-2024-0629
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...