
5251 matches found

Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-24925 · WordPress · Smartcrawl

Name of the Vulnerable Software and Affected Versions: SmartCrawl WordPress SEO checker plugin versions up to, and including, 3.10.2 Description: The issue is related to unauthorized ld+json description injection due to a missing capability check on the save settings function. This allows...

CVSS 5.3 · AI score 7.2 · EPSS 0.00565
Exploits 0 · References 4
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-20306 · WordPress · User Registration – Custom Registration Form

Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to a missing capability check on the form save action function, allowing...

CVSS 8.8 · AI score 6.5 · EPSS 0.00938
Exploits 0 · References 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-26508 · WordPress · Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration plugin versions up to, and including, 1.4.8 Description: The issue allows authenticated attackers with subscriber access or above to access log files maintained by the plugin due to a missing capability check on t...

CVSS 4.3 · AI score 6.8 · EPSS 0.00491
Exploits 0 · References 4
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-26879 · WordPress · Propertyhive

Name of the Vulnerable Software and Affected Versions: PropertyHive plugin for WordPress versions up to, and including, 2.0.12 Description: The issue is related to unauthorized loss of data due to a missing capability check on the delete key date function. This allows authenticated attackers with...

CVSS 4.3 · AI score 6.7 · EPSS 0.00619
Exploits 0 · References 5
Positive Technologies
added 2024/05/02 12:0 a.m. · 7 views

PT-2024-26846 · WordPress · The Poll Maker – Best Wordpress Poll Plugin

Name of the Vulnerable Software and Affected Versions: The Poll Maker – Best WordPress Poll Plugin versions up to, and including, 5.1.8 Description: The issue is related to unauthorized access of data due to a missing capability check on the ays poll create author function. This allows...

CVSS 5.3 · AI score 6.9 · EPSS 0.00584
Exploits 0 · References 5
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-26761 · WordPress · Send Pdf For Contact Form 7

Name of the Vulnerable Software and Affected Versions: Send PDF for Contact Form 7 plugin for WordPress versions up to, and including, 1.0.2.3 Description: The issue allows unauthorized access to form submissions due to a missing capability check on the hooks function. This makes it possible for...

CVSS 5.3 · AI score 6.5 · EPSS 0.00691
Exploits 0 · References 5
Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-15705 · WordPress · 2Checkout Payment Gateway For Woocommerce

Name of the Vulnerable Software and Affected Versions: 2Checkout Payment Gateway for WooCommerce plugin for WordPress versions up to, and including, 6.2 Description: The issue is related to a missing capability check on the sniff ins function, allowing unauthenticated attackers to modify data,...

CVSS 5.3 · AI score 6.9 · EPSS 0.00397
Exploits 0 · References 7
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-24511 · WordPress · The Ivory Search

Name of the Vulnerable Software and Affected Versions: The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.5 Description: The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability chec...

CVSS 4.3 · AI score 6.5 · EPSS 0.00445
Exploits 0 · References 4
Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-18224 · WordPress · Woo Total Sales

Name of the Vulnerable Software and Affected Versions: Woo Total Sales plugin for WordPress versions up to, and including, 3.1.4 Description: The issue is related to unauthorized access of data due to a missing capability check on the get orders archive function. This allows unauthenticated...

CVSS 5.3 · AI score 6.9 · EPSS 0.00457
Exploits 0 · References 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-28469 · Unknown · The Post Grid – Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.6.1 Description: The issue allows authenticated attackers with subscriber access or higher to modify the plugin's settings a...

CVSS 4.3 · AI score 6.6 · EPSS 0.0056
Exploits 0 · References 5
Positive Technologies
added 2024/05/02 12:0 a.m. · 6 views

PT-2024-24996 · WordPress · User Registration – Custom Registration Form

Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...

CVSS 6.5 · AI score 6.9 · EPSS 0.0091
Exploits 0 · References 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 6 views

PT-2024-15912 · WordPress · The Advanced Post Block – Display Posts

Name of the Vulnerable Software and Affected Versions: The Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page plugin for WordPress versions up to, and including, 1.13.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the...

CVSS 5.3 · AI score 7.1 · EPSS 0.00516
Exploits 0 · References 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-18663 · WordPress · Eleforms

Name of the Vulnerable Software and Affected Versions: EleForms – All In One Form Integration including DB for Elementor plugin for WordPress versions up to, and including, 2.9.9.7 Description: The issue allows unauthorized access to data due to a missing capability check when downloading form...

CVSS 5.3 · AI score 6.9 · EPSS 0.00532
Exploits 0 · References 8
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-28487 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress versions up to, and including, 3.3.8 Description: The issue allows authenticated attackers with subscriber level permissions and above to access,...

CVSS 6.3 · AI score 6.7 · EPSS 0.00384
Exploits 0 · References 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-28296 · WordPress · The Popup Box – Best Wordpress Popup Plugin

Name of the Vulnerable Software and Affected Versions: The Popup Box – Best WordPress Popup Plugin versions prior to 4.3.7 Description: The issue allows unauthorized access to data due to a missing capability check on the ays pb create author AJAX action. This makes it possible for unauthenticate...

CVSS 5.3 · AI score 6.9 · EPSS 0.00623
Exploits 0 · References 4
Positive Technologies
added 2024/05/02 12:0 a.m. · 6 views

PT-2024-26377 · WordPress · Country State City Dropdown Cf7

Name of the Vulnerable Software and Affected Versions: The Country State City Dropdown CF7 plugin for WordPress versions up to, and including, 2.7.1 Description: The issue allows authenticated attackers with subscriber access and above to modify data without proper authorization. This is due to a...

CVSS 4.3 · AI score 6.7 · EPSS 0.00445
Exploits 0 · References 4
Positive Technologies
added 2024/05/02 12:0 a.m. · 4 views

PT-2024-24379 · WordPress · The Different Menu In Different Pages – Control Menu Visibility

Name of the Vulnerable Software and Affected Versions: The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to unauthorized access due to a missing capability check on the ajax...

CVSS 4.3 · AI score 6.6 · EPSS 0.0056
Exploits 0 · References 5
WPVulnDB
added 2024/05/01 12:0 a.m. · 12 views

The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization

Description: The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tpfdeletetransient function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...

CVSS 8.8 · AI score 6.7 · EPSS 0.0043
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/05/01 12:0 a.m. · 21 views

XStore Core <= 5.3.5 - Missing Authorization

Description: The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized...

CVSS 8.8 · AI score 6.7 · EPSS 0.00417
Exploits 0 · References 1
WPVulnDB
added 2024/05/01 12:0 a.m. · 23 views

Barcode Scanner with Inventory & Order Manager < 1.5.4 - Missing Authorization

Description: The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...

CVSS 9.1 · AI score 7 · EPSS 0.00413
Exploits 0 · References 1 · Affected Software 1