5251 matches found
CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-1850 AI Post Generator | AutoWriter <= 3.3 - Missing Authorization
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
CVE-2024-1308 WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification
The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalinksettingssave' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the...
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts
The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
CVE-2024-1641 Accordion <= 2.2.96 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with...
PT-2024-3145 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions up to, and including, 2.6.2 Description: The issue is related to a missing capability check on the hide notices function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers ...
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions
Description: The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for...
PT-2024-18185 · WordPress · 360 Javascript Viewer
Name of the Vulnerable Software and Affected Versions: 360 Javascript Viewer plugin for WordPress versions prior to 1.7.13 Description: The issue allows authenticated attackers with subscriber access or higher to update plugin settings due to a missing capability check and nonce exposure on sever...
PT-2024-23696 · WordPress · Nextgen Gallery
Name of the Vulnerable Software and Affected Versions: NextGEN Gallery plugin for WordPress versions up to and including 3.59 Description: The issue allows unauthorized access to data due to a missing capability check on the get item function. This enables unauthenticated attackers to extract...
PT-2024-18479 · WordPress · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions up to, and including, 5.3.0.0 Description: The issue is related to a missing capability check on the update users role...
PT-2024-20938 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue allows unauthorized access to data due to a missing capability check on the get uri editor function. This enables unauthenticated...
PT-2024-17923 · WordPress · Woocommerce Cloak Affiliate Links
Name of the Vulnerable Software and Affected Versions: WooCommerce Cloak Affiliate Links plugin for WordPress versions up to, and including, 1.0.33 Description: The issue allows unauthorized modification of data due to a missing capability check on the permalink settings save function. This makes...
PT-2024-18410 · WordPress · Masterstudy Lms
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS plugin for WordPress versions up to, and including, 3.2.13 Description: The issue allows unauthorized access to data due to a missing capability check on the search posts function. This makes it possible for authenticated...
PT-2024-24424 · WordPress · Relevanssi
Name of the Vulnerable Software and Affected Versions: The Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.1 Description: The issue allows unauthorized modification of data due to a missing capability check on the relevanssi update counts function. This makes...
PT-2024-18434 · WordPress · Wp Compress
Name of the Vulnerable Software and Affected Versions: WP Compress – Image Optimizer plugin for WordPress versions up to, and including, 6.11.10 Description: The issue allows unauthorized modification of data due to a missing capability check on the wps local compress:: construct function. This...
WordPress Gallery Plugin – NextGEN Gallery < 3.59.1 - Missing Authorization to Unauthenticated Information Disclosure
Description: The WordPress Gallery Plugin – NextGEN Gallery plugin is vulnerable to unauthorized access of data due to a missing capability check on the getitem function. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image...
CVE-2024-3216
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it possible for...