5251 matches found
Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization
Description The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.05. This makes it possible for authenticated attackers, with subscriber-level access and above,...
CVE-2024-3243
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3869
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...
CVE-2024-3869
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...
CVE-2024-3243
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3243
CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...
CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3869 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...
CVE-2024-3243 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3869 Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...
CVE-2024-3869
Technical details about CVE-2024-3869 are not publicly provided in the supplied documents. Monitor for updates from Wordfence/NVD.
Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...
Restrict Content < 3.2.9 - Missing Authorization
Description The Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updateoptingetstatus function in versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to update opt in status...
PT-2024-24559 · WordPress · Customer Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress versions up to, and including, 5.46.0 Description: The issue is related to unauthorized email sending due to a missing capability check on the send test email function. This allows...
PT-2024-28134 · WordPress · Customer Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress affected versions not specified Description: The issue allows unauthorized access to data due to a missing capability check on the woocommerce json search coupons function. This enables...
VulnCheck KEV: CVE-2024-32589
The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.4 - Missing Authorization
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for...
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
Description The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make...
Country State City Dropdown CF7 < 2.7.2 - Missing Authorization
Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...
CVE-2024-3662
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoominstagramcleardata function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access...