Lucene search
K

5260 matches found

WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.15 views

WP2LEADS < 3.2.8 - Missing Authorization

Description The WP2LEADS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as importmaps in versions up to, and including, 3.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

5.4CVSS6.5AI score0.00394EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.21 views

EmbedPress < 3.9.9 - Missing Authorization via handle_calendly_data

Description The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlecalendlydata function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings...

9.8CVSS6.4AI score0.00397EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.17 views

Soledad < 8.4.6 - Missing Authorization

Description The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...

7.1CVSS6.5AI score0.00428EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.13 views

Soledad < 8.4.6 - Missing Authorization

Description The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...

6.5CVSS6.8AI score0.00437EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/11 12:0 a.m.13 views

WP Sort Order < 1.3.2 - Missing Authorization

Description The WP Sort Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions such as updatemenuorder in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS6.2AI score0.00323EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/10 8:9 a.m.3 views

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

6.8CVSS7AI score0.0147EPSS
Exploits2References5
NVD
NVD
added 2024/04/10 5:15 a.m.23 views

CVE-2024-2428

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...

4.7CVSS5.5AI score0.00495EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/10 5:0 a.m.14 views

CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...

5.9AI score0.00495EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/10 5:0 a.m.30 views

CVE-2024-2428 The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS

The Ultimate Video Player For WordPress WordPress plugin before 2.2.3 does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to...

5.6AI score0.00495EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/10 4:30 a.m.38 views

CVE-2024-1042 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...

6.4CVSS6.2AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 4:30 a.m.61 views

CVE-2024-1042

CVE-2024-1042 affects the WP Radio plugin for WordPress (versions up to 3.1.9). Description shows unauthorized modification of data via missing capability checks on several AJAX actions, allowing authenticated users with subscriber+ privileges to import stations, remove countries, and alter plugi...

6.4CVSS6AI score0.00362EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/10 12:0 a.m.17 views

WP Poll Maker < 3.4 - Authenticated (Subscriber+) Arbitrary File Deletion

Description The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the itepollthemeactionuninstall function and insufficient file path validation in all versions up to, and including, 3.1...

8.1CVSS7.5AI score0.00658EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.7 views

PT-2024-16264 · WordPress · The Wp Radio – Worldwide Online Radio Stations Directory

Name of the Vulnerable Software and Affected Versions: The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin versions up to, and including, 3.1.9 Description: The issue allows authenticated attackers with subscriber access and above to import radio stations, remove...

6.4CVSS6.7AI score0.00362EPSS
Exploits0References6
NVD
NVD
added 2024/04/09 7:15 p.m.21 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

8.2CVSS5.2AI score0.0081EPSS
Exploits0References3
OSV
OSV
added 2024/04/09 7:15 p.m.2 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

4.3CVSS7.3AI score0.00623EPSS
Exploits1References3
NVD
NVD
added 2024/04/09 7:15 p.m.21 views

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

4.3CVSS4.4AI score0.00623EPSS
Exploits1References3
NVD
NVD
added 2024/04/09 7:15 p.m.29 views

CVE-2024-1991

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it possible for...

8.8CVSS8.8AI score0.00891EPSS
Exploits0References3
OSV
OSV
added 2024/04/09 7:15 p.m.4 views

CVE-2024-1904

The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the searchposts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...

4.3CVSS5.8AI score0.00468EPSS
Exploits0References2
OSV
OSV
added 2024/04/09 7:15 p.m.5 views

CVE-2024-1934

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References3
NVD
NVD
added 2024/04/09 7:15 p.m.15 views

CVE-2024-1934

The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers to reset th...

7.5CVSS7.3AI score0.00718EPSS
Exploits0References3
Rows per page
Query Builder