Lucene search
K

5251 matches found

WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization

Description The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.05. This makes it possible for authenticated attackers, with subscriber-level access and above,...

8.8CVSS6.7AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2024/04/16 1:15 p.m.23 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.4AI score0.00431EPSS
Exploits0References3
NVD
NVD
added 2024/04/16 1:15 p.m.30 views

CVE-2024-3869

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS4.4AI score0.00454EPSS
Exploits0References3
OSV
OSV
added 2024/04/16 1:15 p.m.3 views

CVE-2024-3869

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS5.8AI score0.00454EPSS
Exploits0References3
OSV
OSV
added 2024/04/16 1:15 p.m.6 views

CVE-2024-3243

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS5.9AI score0.00431EPSS
Exploits0References3
CVE
CVE
added 2024/04/16 12:51 p.m.58 views

CVE-2024-3243

CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...

4.3CVSS6.5AI score0.00431EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/04/16 12:51 p.m.28 views

CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.7AI score0.00431EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/16 12:51 p.m.24 views

CVE-2024-3869 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS4.7AI score0.00454EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/16 12:51 p.m.11 views

CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6AI score0.00431EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/16 12:51 p.m.12 views

CVE-2024-3869 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS5.9AI score0.00454EPSS
Exploits0References3
CVE
CVE
added 2024/04/16 12:51 p.m.48 views

CVE-2024-3869

Technical details about CVE-2024-3869 are not publicly provided in the supplied documents. Monitor for updates from Wordfence/NVD.

4.3CVSS6.5AI score0.00454EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS6.6AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

Restrict Content < 3.2.9 - Missing Authorization

Description The Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updateoptingetstatus function in versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to update opt in status...

5.3CVSS6.8AI score0.00359EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.5 views

PT-2024-24559 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress versions up to, and including, 5.46.0 Description: The issue is related to unauthorized email sending due to a missing capability check on the send test email function. This allows...

4.3CVSS6.7AI score0.00431EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.4 views

PT-2024-28134 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress affected versions not specified Description: The issue allows unauthorized access to data due to a missing capability check on the woocommerce json search coupons function. This enables...

4.3CVSS6.4AI score0.00454EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2024/04/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-32589

The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

7.1CVSS5.8AI score0.00161EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.16 views

ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.4 - Missing Authorization

Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for...

4.3CVSS6.4AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/15 12:0 a.m.13 views

2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins

Description The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make...

5.3CVSS6.6AI score0.00397EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/15 12:0 a.m.17 views

Country State City Dropdown CF7 < 2.7.2 - Missing Authorization

Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.00445EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/13 9:15 a.m.14 views

CVE-2024-3662

The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoominstagramcleardata function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS4.3AI score0.00465EPSS
Exploits0References2
Rows per page
Query Builder