
5251 matches found

NVD
added 2024/05/02 5:15 p.m. | 17 views

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

CVSS 4.3 | AI score 4.3 | EPSS 0.0034
Exploits: 0 | References: 2
OSV
added 2024/05/02 5:15 p.m. | 5 views

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

CVSS 4.3 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 2
ATTACKERKB
added 2024/05/02 5:15 p.m. | 5 views

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

CVSS 4.3 | AI score 5.4 | EPSS 0.0034
Exploits: 0 | References: 3
Cvelist
added 2024/05/02 4:52 p.m. | 27 views

CVE-2024-3601 Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration

The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email...

CVSS 5.3 | AI score 5.3 | EPSS 0.00584
Exploits: 0 | References: 2
CVE
added 2024/05/02 4:52 p.m. | 58 views

CVE-2024-3553

CVE-2024-3553 affects Tutor LMS for WordPress up to version 2.6.2. Root cause: hide_notices() lacked a proper capability check, enabling any authenticated user to modify users_can_register and enable registration via the admin page. Patch v2.7.0 adds current_user_can('manage_options') in addition...

CVSS 6.5 | AI score 6.6 | EPSS 0.00466
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2024/05/02 4:52 p.m. | 38 views

CVE-2024-3553 Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hidenotices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable us...

CVSS 6.5 | AI score 6.4 | EPSS 0.00466
Exploits: 2 | References: 2
Vulnrichment
added 2024/05/02 4:52 p.m. | 16 views

CVE-2024-3936 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

CVSS 4.3 | AI score 5.9 | EPSS 0.0056
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/02 4:52 p.m. | 20 views

CVE-2024-3897 Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure

The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...

CVSS 5.3 | AI score 5.9 | EPSS 0.00623
Exploits: 0 | References: 2
CVE
added 2024/05/02 4:52 p.m. | 82 views

CVE-2023-6731

CVE-2023-6731 affects the WP Show Posts plugin for WordPress. The issue is a missing capability check on multiple AJAX functions, present in all versions up to and including 1.1.5. This enables authenticated attackers with subscriber+ privileges to access data they should not be able to view, spe...

CVSS 4.3 | AI score 6.4 | EPSS 0.00375
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/05/02 4:52 p.m. | 16 views

CVE-2023-6731 WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure

The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary pos...

CVSS 4.3 | AI score 6 | EPSS 0.00375
Exploits: 0 | References: 2
CVE
added 2024/05/02 4:52 p.m. | 52 views

CVE-2024-1716

CVE-2024-1716 targets the Admin Bar Remover plugin for WordPress. Connected sources confirm a missing capability check in update_form() across all versions up to 1.0.2.2, enabling authenticated attackers with subscriber-level access and above to toggle the frontend admin bar on target sites. The ...

CVSS 4.3 | AI score 6.3 | EPSS 0.00431
Exploits: 0 | References: 3
Cvelist
added 2024/05/02 4:52 p.m. | 18 views

CVE-2024-3607 PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete...

CVSS 4.3 | AI score 4.7 | EPSS 0.00619
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/02 4:52 p.m. | 9 views

CVE-2024-3607 PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete...

CVSS 4.3 | AI score 6 | EPSS 0.00619
Exploits: 0 | References: 2
Cvelist
added 2024/05/02 4:52 p.m. | 27 views

CVE-2024-2417 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possible for...

CVSS 8.8 | AI score 8.8 | EPSS 0.00938
Exploits: 0 | References: 3
CVE
added 2024/05/02 4:52 p.m. | 97 views

CVE-2024-2417

The CVE-2024-2417 entry affects the WordPress Plugin “User Registration – Custom Registration Form, Login Form, and User Profile” (versions up to 3.1.5). The root cause is a missing capability check in form_save_action(), allowing authenticated users with subscriber-level access and above to upda...

CVSS 8.8 | AI score 8.8 | EPSS 0.00938
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/02 4:52 p.m. | 19 views

CVE-2024-2417 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possible for...

CVSS 8.8 | AI score 6 | EPSS 0.00938
Exploits: 0 | References: 3
Vulnrichment
added 2024/05/02 4:52 p.m. | 12 views

CVE-2024-3233

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 | AI score 6.4 | EPSS 0.00445
Exploits: 0 | References: 2
Cvelist
added 2024/05/02 4:52 p.m. | 22 views

CVE-2024-3233 Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 | AI score 4.5 | EPSS 0.00445
Exploits: 0 | References: 2
CVE
added 2024/05/02 4:52 p.m. | 64 views

CVE-2024-3233

CVE-2024-3233 affects the Ivory Search – WordPress Search Plugin. It lacks a capability check in ajax_create_index(), allowing authenticated users with subscriber-level access and above to trigger index creation and potentially modify data in all versions up to 5.5.5. The initial description stat...

CVSS 4.3 | AI score 6.3 | EPSS 0.00445
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/02 4:52 p.m. | 12 views

CVE-2024-0629

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...

CVSS 5.3 | AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 2