5251 matches found
Advanced Testimonial Carousel for Elementor < 3.0.1 - Missing Authorization
Description: The Advanced Testimonial Carousel for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handleAjaxCalls function in versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber-leve...
SchedulePress < 5.0.9 - Missing Authorization
Description: The SchedulePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
ShortPixel Critical CSS < 1.0.3 - Missing Authorization
Description: The ShortPixel Critical CSS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WP LinkedIn Auto Publish < 8.12 - Missing Authorization
Description: The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplinkedinautopublishdeletealllinkedinsettings function in versions up to, and including, 8.11. This makes it possible for authenticated...
Evergreen Content Poster < 1.4.3 - Missing Authorization
Description: The Evergreen Content Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createnetworkpost function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level...
Page Builder: Live Composer < 1.5.39 - Missing Authorization
Description: The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...
VK Block Patterns < 1.31.1.1 - Missing Authorization
Description: The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.29 - Missing Authorization
Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.28. This makes it possible for...
AppPresser < 4.3.1 - Missing Authorization
Description: The AppPresser plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggleloggingcallback function in versions up to, and including, 4.3.0. This makes it possible for unauthenticated attackers to enable and disable logging...
CentOS 7 : kernel (RHSA-2024:2004)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2004 advisory. - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault...
CVE-2024-3893
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticate...
CVE-2024-3893 Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticate...
CVE-2024-3893
CVE-2024-3893 affects the Classified Listing – Classified ads & Business Directory Plugin for WordPress. A missing capability check in the rtcl_fb_gallery_image_delete AJAX action allows authenticated users with subscriber-level access and above to delete arbitrary attachments on all versions up ...
LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attackers to activate and deactivate licenses...
PT-2024-28284 · WordPress · The Classified Listing – Classified Ads & Business Directory Plugin
Name of the Vulnerable Software and Affected Versions: The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress versions up to, and including, 3.0.10.3. Description: The issue is related to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action...
Support Genix < 1.2.4 - Missing Authorization
Description: The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2024-0900
The CVE-2024-0900 entry concerns the Elespare WordPress plugin. It documents a vulnerability that allows authenticated attackers with subscriber-level access and above to create arbitrary posts due to a missing capability check in the elespare_create_post() function, which is invoked via AJAX. Th...