Vitepos < 3.0.2 - Missing Authorization
Description: The Vitepos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
XStore < 9.3.9 - Subscriber+ Arbitrary Options Update
Description: The theme is vulnerable to unauthorized modification of data due to a missing capability check on a function, allowing authenticated attackers, with subscriber-level access and above, to update arbitrary options which can be used to achieve privilege escalation...
Sticky Anything <= 2.1.5 - Missing Authorization
Description: The Sticky Anything plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action that can lead to Stored...
KB Support < 1.6.1 - Missing Authorization
Description: The KB Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the kbsajaxdisplayticketnotes and kbsajaxdisplayticketreplies function in versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, wit...
Five Star Restaurant Reservations < 2.6.17 - Missing Authorization
Description: The Five Star Restaurant Reservations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 2.6.16. This makes it possible for unauthenticated attackers to perform unauthorized actions...
EPROLO Dropshipping < 1.7.2 - Missing Authorization
Description: The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eprolodisconnect, eproloreflsh, and eproloconnectkey functions in versions up to, and including, 1.7.1. This makes it possible for authenticated...
CVE-2024-3072
CVE-2024-3072 affects the ACF Front End Editor WordPress plugin. Root cause: a missing capability check in update_texts() across all versions up to 2.0.2, enabling authenticated subscribers and above to modify arbitrary post titles, content, and ACF data. Impact is unauthorized data modification ...
CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-1371
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
CVE-2024-1371 LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
ARForms < 6.4.1 - Missing Authorization to Arbitrary File Deletion
Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...
ARForms < 6.4.1 - Missing Authorization to Arbitrary Plugin Activation/Deactivation
Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate and...
ARForms < 6.4.1 - Missing Authorization to Arbitrary Option Deletion
Description: The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...
PT-2024-23586 · WordPress · Acf On-The-Go
Name of the Vulnerable Software and Affected Versions: ACF On-The-Go plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to a missing capability check on the acfg update fields function, allowing authenticated attackers with subscriber-level access and abov...
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid < 7.7.0 - Missing Authorization
Description: The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it...
PT-2024-23595 · WordPress · Acf Front End Editor
Name of the Vulnerable Software and Affected Versions: ACF Front End Editor plugin for WordPress versions prior to 2.0.3 Description: The issue allows authenticated attackers with subscriber-level access and above to update arbitrary post title, content, and ACF data due to a missing capability...
MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization
Description: The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...
RomethemeForm For Elementor < 1.1.3 - Missing Authorization
Description: The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms...
Total Poll Lite < 4.10.0 - Missing Authorization
Description: The Total Poll Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetPoll function in versions up to, and including, 4.9.9. This makes it possible for authenticated attackers, with subscriber-level access and above, ...