
5251 matches found

WPVulnDB
added 2024/05/01 12:0 a.m. | 15 views

Vitepos < 3.0.2 - Missing Authorization

Description: The Vitepos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...

CVSS 4.3 | AI score 6.7 | EPSS 0.00376
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/01 12:0 a.m. | 17 views

XStore < 9.3.9 - Subscriber+ Arbitrary Options Update

Description: The theme is vulnerable to unauthorized modification of data due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation...

CVSS 8.8 | AI score 9.3 | EPSS 0.00323
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/01 12:0 a.m. | 13 views

Sticky Anything <= 2.1.5 - Missing Authorization

Description: The Sticky Anything plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action that can lead to Stored...

CVSS 7.1 | AI score 6.6 | EPSS 0.00185
Exploits: 0 | References: 1

WPVulnDB
added 2024/05/01 12:0 a.m. | 16 views

KB Support < 1.6.1 - Missing Authorization

Description: The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbsajaxdisplayticketnotes and kbsajaxdisplayticketreplies function in versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, wit...

CVSS 6.5 | AI score 6.6 | EPSS 0.00466
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/01 12:0 a.m. | 15 views

Five Star Restaurant Reservations < 2.6.17 - Missing Authorization

Description: The Five Star Restaurant Reservations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 2.6.16. This makes it possible for unauthenticated attackers to perform unauthorized actions...

CVSS 5.3 | AI score 7 | EPSS 0.00384
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/01 12:0 a.m. | 15 views

EPROLO Dropshipping < 1.7.2 - Missing Authorization

Description: The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eprolodisconnect, eproloreflsh, and eproloconnectkey functions in versions up to, and including, 1.7.1. This makes it possible for authenticated...

CVSS 4.3 | AI score 6.6 | EPSS 0.00376
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/30 8:32 a.m. | 52 views

CVE-2024-3072

CVE-2024-3072 affects the ACF Front End Editor WordPress plugin. Root cause: a missing capability check in update_texts() across all versions up to 2.0.2, enabling authenticated subscribers and above to modify arbitrary post titles, content, and ACF data. Impact is unauthorized data modification ...

CVSS 4.3 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 2

Cvelist
added 2024/04/30 8:32 a.m. | 24 views

CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

CVSS 4.3 | AI score 5.1 | EPSS 0.0034
Exploits: 0 | References: 2

NVD
added 2024/04/30 3:15 a.m. | 12 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 6.7 | EPSS 0.00587
Exploits: 0 | References: 3

Vulnrichment
added 2024/04/30 2:35 a.m. | 15 views

CVE-2024-1371

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 7.1 | EPSS 0.00587
Exploits: 0 | References: 3

Cvelist
added 2024/04/30 2:35 a.m. | 25 views

CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...

CVSS 6.5 | AI score 6.8 | EPSS 0.00587
Exploits: 0 | References: 3

WPVulnDB
added 2024/04/30 12:0 a.m. | 17 views

ARForms < 6.4.1 - Missing Authorization to Arbitrary File Deletion

Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...

CVSS 8.1 | AI score 6.8 | EPSS 0.00577
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/30 12:0 a.m. | 14 views

ARForms < 6.4.1 - Missing Authorization to Arbitrary Plugin Activation/Deactivation

Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate and...

CVSS 8.8 | AI score 6.8 | EPSS 0.00382
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/30 12:0 a.m. | 15 views

ARForms < 6.4.1 - Missing Authorization to Arbitrary Option Deletion

Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...

CVSS 7.1 | AI score 6.8 | EPSS 0.00335
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/04/30 12:0 a.m. | 6 views

PT-2024-23586 · WordPress · Acf On-The-Go

Name of the Vulnerable Software and Affected Versions: ACF On-The-Go plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to a missing capability check on the acfg update fields function, allowing authenticated attackers with subscriber-level access and abov...

CVSS 4.3 | AI score 6.9 | EPSS 0.00361
Exploits: 0 | References: 5

WPVulnDB
added 2024/04/30 12:0 a.m. | 15 views

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid < 7.7.0 - Missing Authorization

Description: The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it...

CVSS 4.3 | AI score 6.5 | EPSS 0.0056
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/04/30 12:0 a.m. | 6 views

PT-2024-23595 · WordPress · Acf Front End Editor

Name of the Vulnerable Software and Affected Versions: ACF Front End Editor plugin for WordPress versions prior to 2.0.3 Description: The issue allows authenticated attackers with subscriber-level access and above to update arbitrary post title, content, and ACF data due to a missing capability...

CVSS 4.3 | AI score 6.9 | EPSS 0.0034
Exploits: 0 | References: 5

WPVulnDB
added 2024/04/29 12:0 a.m. | 16 views

MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization

Description: The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...

CVSS 5.3 | AI score 6.7 | EPSS 0.00504
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 11 views

RomethemeForm For Elementor < 1.1.3 - Missing Authorization

Description: The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms...

CVSS 5.3 | AI score 6.9 | EPSS 0.00313
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 17 views

Total Poll Lite < 4.10.0 - Missing Authorization

Description: The Total Poll Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetPoll function in versions up to, and including, 4.9.9. This makes it possible for authenticated attackers, with subscriber-level access and above, ...

CVSS 4.3 | AI score 6.7 | EPSS 0.00373
Exploits: 0 | References: 1 | Affected Software: 1