5251 matches found
PT-2024-24925 · WordPress · Smartcrawl
Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.2
Description: The issue is related to unauthorized ld+json description injection due to a missing capability check on the save settings function. This allows...
PT-2024-20306 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5
Description: The issue is related to a missing capability check on the form save action function, allowing...
PT-2024-26508 · WordPress · Wordpress Backup & Migration
Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration plugin versions up to, and including, 1.4.8
Description: The issue allows authenticated attackers with subscriber access or above to access log files maintained by the plugin due to a missing capability check on t...
PT-2024-26879 · WordPress · Propertyhive
Name of the Vulnerable Software and Affected Versions: PropertyHive plugin for WordPress versions up to, and including, 2.0.12
Description: The issue is related to unauthorized loss of data due to a missing capability check on the delete key date function. This allows authenticated attackers with...
PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin
Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8
Description: The issue is related to unauthorized access of data due to a missing capability check on the ays poll create author function. This allows...
PT-2024-26761 · WordPress · Send Pdf For Contact Form 7
Name of the Vulnerable Software and Affected Versions: Send PDF for Contact Form 7 plugin for WordPress versions up to, and including, 1.0.2.3
Description: The issue allows unauthorized access to form submissions due to a missing capability check on the hooks function. This makes it possible for...
PT-2024-15705 · WordPress · 2Checkout Payment Gateway For Woocommerce
Name of the Vulnerable Software and Affected Versions: 2Checkout Payment Gateway for WooCommerce plugin for WordPress versions up to, and including, 6.2
Description: The issue is related to a missing capability check on the sniff ins function, allowing unauthenticated attackers to modify data,...
PT-2024-24511 · WordPress · The Ivory Search
Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.5
Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability chec...
PT-2024-18224 · WordPress · Woo Total Sales
Name of the Vulnerable Software and Affected Versions: Woo Total Sales plugin for WordPress versions up to, and including, 3.1.4
Description: The issue is related to unauthorized access of data due to a missing capability check on the get orders archive function. This allows unauthenticated...
PT-2024-28469 · Unknown · The Post Grid – Shortcode
Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.6.1
Description: The issue allows authenticated attackers with subscriber access or higher to modify the plugin's settings a...
PT-2024-24996 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5
Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...
PT-2024-15912 · WordPress · The Advanced Post Block – Display Posts
Name of the Vulnerable Software and Affected Versions: The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1
Description: The issue is related to unauthorized access of data due to a missing capability check on the...
PT-2024-18663 · WordPress · Eleforms
Name of the Vulnerable Software and Affected Versions: EleForms – All In One Form Integration including DB for Elementor plugin for WordPress versions up to, and including, 2.9.9.7
Description: The issue allows unauthorized access to data due to a missing capability check when downloading form...
PT-2024-28487 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.3.8
Description: The issue allows authenticated attackers with subscriber level permissions and above to access,...
PT-2024-28296 · WordPress · The Popup Box – Best Wordpress Popup Plugin
Name of the Vulnerable Software and Affected Versions: The Popup Box – Best WordPress Popup Plugin versions prior to 4.3.7
Description: The issue allows unauthorized access to data due to a missing capability check on the ays pb create author AJAX action. This makes it possible for unauthenticate...
PT-2024-26377 · WordPress · Country State City Dropdown Cf7
Name of the Vulnerable Software and Affected Versions: The Country State City Dropdown CF7 plugin for WordPress versions up to, and including, 2.7.1
Description: The issue allows authenticated attackers with subscriber access and above to modify data without proper authorization. This is due to a...
PT-2024-24379 · WordPress · The Different Menu In Different Pages – Control Menu Visibility
Name of the Vulnerable Software and Affected Versions: The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress versions up to, and including, 2.3.2
Description: The issue is related to unauthorized access due to a missing capability check on the ajax...
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description: The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tpfdeletetransient function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
XStore Core <= 5.3.5 - Missing Authorization
Description: The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized...
Barcode Scanner with Inventory & Order Manager < 1.5.4 - Missing Authorization
Description: The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...