5251 matches found

Cvelist
added 2024/05/02 4:52 p.m. | 27 views

CVE-2024-3606 ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization

The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for authenticated...

CVSS 4.3 | AI score 4.6 | EPSS 0.00454
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 64 views

CVE-2024-0629

The CVE-2024-0629 entry concerns the WordPress plugin “2Checkout Payment Gateway for WooCommerce.” All versions up to and including 6.2 are affected by an unauthorized data modification flaw caused by a missing capability check in the sniff_ins function, enabling unauthenticated attackers to alte...

CVSS 5.3 | AI score 6.6 | EPSS 0.00397
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:52 p.m. | 35 views

CVE-2024-0629 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...

CVSS 5.3 | AI score 5.4 | EPSS 0.00397
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 13 views

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

CVSS 5.3 | AI score 6.7 | EPSS 0.00504
Exploits: 0 | References: 3

CVE
added 2024/05/02 4:52 p.m. | 54 views

CVE-2024-2797

CVE-2024-2797 affects the MailerLite – Signup forms (official) plugin for WordPress. Unauthenticated attackers could change plugin settings due to missing capability checks in toggleRolesAndPermissions and editAllowedRolesAndPermissions across versions up to 1.7.6, potentially enabling lower-leve...

CVSS 5.3 | AI score 6.6 | EPSS 0.00504
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/02 4:52 p.m. | 11 views

CVE-2024-3287 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...

CVSS 5.3 | AI score 5.9 | EPSS 0.00565
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 63 views

CVE-2024-3287

The CVE for SmartCrawl WordPress SEO checker (CVE-2024-3287) is tied to unauthorized ld+json description injection caused by a missing capability check in save_settings. Technical details from connected sources indicate the issue affects all versions up to and including 3.10.2, enabling unauthent...

CVSS 5.3 | AI score 6.9 | EPSS 0.00565
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:52 p.m. | 23 views

CVE-2024-3287 SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization

The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the save_settings function in all versions up to, and including, 3.10.2. This makes it possible for unauthenticate...

CVSS 5.3 | AI score 5.6 | EPSS 0.00565
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 9 views

CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...

CVSS 6.5 | AI score 5.9 | EPSS 0.0091
Exploits: 0 | References: 4

Cvelist
added 2024/05/02 4:52 p.m. | 28 views

CVE-2024-3295 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...

CVSS 6.5 | AI score 6.4 | EPSS 0.0091
Exploits: 0 | References: 4

CVE
added 2024/05/02 4:52 p.m. | 70 views

CVE-2023-7067

CVE-2023-7067 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules (formerly WooLentor) WordPress plugin. All versions through 2.8.1 are vulnerable to unauthorized modification of data due to a missing capability check in woolentor_template_store. An authenticated attack...

CVSS 4.3 | AI score 6.3 | EPSS 0.0034
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/05/02 4:52 p.m. | 21 views

CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and...

CVSS 4.3 | AI score 4.6 | EPSS 0.0034
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 12 views

CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentor_template_store' function in all versions up to, and...

CVSS 4.3 | AI score 5.9 | EPSS 0.0034
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 189 views

CVE-2024-2043

CVE-2024-2043 concerns the EleForms – All In One Form Integration including DB for Elementor WordPress plugin. A missing capability check when downloading form submissions allows unauthenticated users to view submissions in all versions up to and including 2.9.9.7. Root cause: absent auth...

CVSS 5.3 | AI score 6.6 | EPSS 0.00532
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/05/02 4:52 p.m. | 29 views

CVE-2024-1677 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

CVSS 6.3 | AI score 6.5 | EPSS 0.00514
Exploits: 0 | References: 2

Vulnrichment
added 2024/05/02 4:52 p.m. | 17 views

CVE-2024-1677 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

CVSS 6.3 | AI score 5.9 | EPSS 0.00514
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 60 views

CVE-2024-1677

CVE-2024-1677 affects the WordPress plugin Print Labels with Barcodes for WooCommerce. Root cause: improper capability checks on 42 AJAX functions, enabling authenticated users with subscriber access and above to fully control the plugin, including modifying settings, and creating, editing, retri...

CVSS 8.8 | AI score 6.6 | EPSS 0.00514
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/05/02 4:52 p.m. | 49 views

CVE-2024-1688

CVE-2024-1688 affects the Woo Total Sales plugin for WordPress. The vulnerability is due to a missing capability check in get_orders_archive(), allowing unauthenticated attackers to retrieve sales reports. Impact: information exposure of store sales data across all versions up to and including 3....

CVSS 5.3 | AI score 6.6 | EPSS 0.00457
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 70 views

CVE-2024-3599

CVE-2024-3599 affects WP Cookie Consent for WordPress (up to v3.0.2). Root cause: missing capability check in gdpr_policy_process_delete(). Vulnerability allows unauthenticated deletion of arbitrary posts. Remediation: upgrade to a version higher than 3.0.2 or apply vendor patch (details in conne...

CVSS 5.3 | AI score 6.7 | EPSS 0.0053
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/05/02 4:52 p.m. | 19 views

CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.4 | EPSS 0.0053
Exploits: 0 | References: 2