
5256 matches found

CVE
added 2024/05/02 4:52 p.m. | 190 views

CVE-2024-2043

CVE-2024-2043 concerns the EleForms – All In One Form Integration including DB for Elementor WordPress plugin. A missing capability check when downloading form submissions allows unauthenticated users to view submissions in all versions up to and including 2.9.9.7. Root cause: absent auth...

CVSS 5.3 | AI score 6.6 | EPSS 0.00532
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/05/02 4:52 p.m. | 61 views

CVE-2024-1677

CVE-2024-1677 affects the WordPress plugin Print Labels with Barcodes for WooCommerce. Root cause: improper capability checks on 42 AJAX functions, enabling authenticated users with subscriber access and above to fully control the plugin, including modifying settings, and creating, editing, retri...

CVSS 8.8 | AI score 6.6 | EPSS 0.00514
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2024/05/02 4:52 p.m. | 49 views

CVE-2024-1688

CVE-2024-1688 affects the Woo Total Sales plugin for WordPress. The vulnerability is due to a missing capability check in get_orders_archive(), allowing unauthenticated attackers to retrieve sales reports. Impact: information exposure of store sales data across all versions up to and including 3....

CVSS 5.3 | AI score 6.6 | EPSS 0.00457
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 70 views

CVE-2024-3599

CVE-2024-3599 affects WP Cookie Consent for WordPress (up to v3.0.2). Root cause: missing capability check in gdpr_policy_process_delete(). Vulnerability allows unauthenticated deletion of arbitrary posts. Remediation: upgrade to a version higher than 3.0.2 or apply vendor patch (details in conne...

CVSS 5.3 | AI score 6.7 | EPSS 0.0053
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/05/02 4:52 p.m. | 19 views

CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.4 | EPSS 0.0053
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:52 p.m. | 27 views

CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfg_update_fields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

CVSS 4.3 | AI score 5.1 | EPSS 0.00361
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:52 p.m. | 51 views

CVE-2024-3071

CVE-2024-3071 affects the ACF On-The-Go plugin for WordPress. The issue is a missing capability check in acfg_update_fields(), making authenticated users with subscriber level access and above able to modify arbitrary post titles, descriptions, and ACF values in all versions up to 1.0.1. Publicly...

CVSS 4.3 | AI score 6.5 | EPSS 0.00361
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:52 p.m. | 23 views

CVE-2024-3895 WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 8.8 | AI score 8.5 | EPSS 0.00911
Exploits: 0 | References: 4

CVE
added 2024/05/02 4:52 p.m. | 62 views

CVE-2024-3895

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in wpdp_add_new_datepicker_ajax() across all versions up to 2.1.0. Authenticated attackers with subscriber-level access and above can update arbitrary options that may lead ...

CVSS 8.8 | AI score 6.5 | EPSS 0.00911
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/05/02 4:52 p.m. | 8 views

CVE-2024-3895 WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 8.8 | AI score 6 | EPSS 0.00911
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/02 4:51 p.m. | 10 views

CVE-2024-3546 WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...

CVSS 4.3 | AI score 6 | EPSS 0.00491
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:51 p.m. | 54 views

CVE-2024-3546

CVE-2024-3546 affects the WordPress Backup & Migration plugin (wp-migration-duplicator) for WordPress, up to version 1.4.8. The root cause is a missing capability check in wp_mgdp_populate_popup, enabling authenticated attackers with subscriber access or higher to invoke the function and access l...

CVSS 4.3 | AI score 6.4 | EPSS 0.00491
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:51 p.m. | 23 views

CVE-2024-3546 WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...

CVSS 4.3 | AI score 4.7 | EPSS 0.00491
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:51 p.m. | 51 views

CVE-2024-1584

CVE-2024-1584 affects Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy). The issue is a missing capability check in wpa_check_authentication across all versions up to 5.2.1, enabling unauthorized modification of the site’s Google Analytics tracking ID by unauthenticat...

CVSS 5.3 | AI score 6.5 | EPSS 0.00435
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/05/02 4:51 p.m. | 48 views

CVE-2024-3206

CVE-2024-3206 concerns the WordPress plugin "Different Menu in Different Pages – Control Menu Visibility (All in One)". The vulnerability arises from a missing capability check in the ajax() function across all versions up to 2.3.2, enabling authenticated attackers with subscriber-level a...

CVSS 4.3 | AI score 6.3 | EPSS 0.0056
Exploits: 0 | References: 3

Cvelist
added 2024/05/02 4:51 p.m. | 19 views

CVE-2024-3206 Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication

The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5 | EPSS 0.0056
Exploits: 0 | References: 3

Cvelist
added 2024/05/02 4:51 p.m. | 21 views

CVE-2024-3520 Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access...

CVSS 4.3 | AI score 4.6 | EPSS 0.00445
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:51 p.m. | 67 views

CVE-2024-3520

The Country State City Dropdown CF7 WordPress plugin has a root-cause issue: a missing capability check in tc_csca_patch_settings leading to unauthorized data modification. Affected versions are all up to 2.7.1; authenticated users with subscriber rights and above can add states/cities to the dro...

CVSS 4.3 | AI score 6.4 | EPSS 0.00445
Exploits: 0 | References: 2

CVE
added 2024/05/02 4:51 p.m. | 76 views

CVE-2024-3585

CVE-2024-3585 describes a vulnerability in the Send PDF for Contact Form 7 plugin for WordPress. It permits unauthenticated access to form submissions (including PDFs) due to a missing capability check on the hooks function in all versions up to and including 1.0.2.3, enabling information exposur...

CVSS 5.3 | AI score 5 | EPSS 0.00691
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/02 4:51 p.m. | 14 views

CVE-2024-3581 MaxGalleria <= 6.4.2 - Missing Authorization

The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to...

CVSS 4.3 | AI score 6 | EPSS 0.00609
Exploits: 0 | References: 3