CVE-2024-3606 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization
The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for authenticated...
CVE-2024-0629
The CVE-2024-0629 entry concerns the WordPress plugin “2Checkout Payment Gateway for WooCommerce.” All versions up to and including 6.2 are affected by an unauthorized data modification flaw caused by a missing capability check in the sniff_ins function, enabling unauthenticated attackers to alte...
CVE-2024-0629 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...
CVE-2024-2797
The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...
CVE-2024-2797
CVE-2024-2797 affects the MailerLite – Signup forms (official) plugin for WordPress. Unauthenticated attackers could change plugin settings due to missing capability checks in toggleRolesAndPermissions and editAllowedRolesAndPermissions across versions up to 1.7.6, potentially enabling lower-leve...
CVE-2024-3287 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization
The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...
CVE-2024-3287
The CVE for SmartCrawl WordPress SEO checker (CVE-2024-3287) is tied to unauthorized ld+json description injection caused by a missing capability check in save_settings. Technical details from connected sources indicate the issue affects all versions up to and including 3.10.2, enabling unauthent...
CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...
CVE-2023-7067
CVE-2023-7067 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules (formerly WooLentor) WordPress plugin. All versions through 2.8.1 are vulnerable to unauthorized modification of data due to a missing capability check in woolentor_template_store. An authenticated attack...
CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and...
CVE-2024-2043
CVE-2024-2043 concerns the EleForms – All In One Form Integration including DB for Elementor WordPress plugin. A missing capability check when downloading form submissions allows unauthenticated users to view submissions in all versions up to and including 2.9.9.7. Root cause: absent auth...
CVE-2024-1677 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization
The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...
CVE-2024-1677
CVE-2024-1677 affects the WordPress plugin Print Labels with Barcodes for WooCommerce. Root cause: improper capability checks on 42 AJAX functions, enabling authenticated users with subscriber access and above to fully control the plugin, including modifying settings, and creating, editing, retri...
CVE-2024-1688
CVE-2024-1688 affects the Woo Total Sales plugin for WordPress. The vulnerability is due to a missing capability check in get_orders_archive(), allowing unauthenticated attackers to retrieve sales reports. Impact: information exposure of store sales data across all versions up to and including 3....
CVE-2024-3599
CVE-2024-3599 affects WP Cookie Consent for WordPress (up to v3.0.2). Root cause: missing capability check in gdpr_policy_process_delete(). Vulnerability allows unauthenticated deletion of arbitrary posts. Remediation: upgrade to a version higher than 3.0.2 or apply vendor patch (details in conne...
CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...