5251 matches found
CVE-2024-1385
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access an...
CVE-2024-3216 WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it possible for...
CVE-2024-1385
The CVE refers to WP-Stateless (Google Cloud Storage) for WordPress, with a missing capability check in dismiss_notices() that affects all versions up to 3.4.0. The vulnerability allows authenticated users with subscriber-level access and above to update arbitrary option values to the current tim...
CVE-2024-1385 WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access an...
CVE-2024-1994
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
CVE-2024-1994
CVE-2024-1994 affects the Image Watermark WordPress plugin; due to a missing capability check in watermark_action_ajax(), authenticated users with subscriber level access and higher can apply or remove watermarks in all versions up to 1.7.3. Impact: data modification (watermarking) of images. Aff...
CVE-2024-1994 Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above...
WP-Stateless – Google Cloud Storage < 3.4.1 - Missing Authorization to Limited Arbitrary Options Update
Description: The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-lev...
Image Watermark < 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
Description: The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level acce...
PT-2024-18482 · WordPress · Image Watermark
Name of the Vulnerable Software and Affected Versions: Image Watermark plugin for WordPress versions up to, and including, 1.7.3 Description: The issue is related to a missing capability check on the watermark action ajax function, allowing authenticated attackers with subscriber-level access and...
Social Icons Widget & Block by WPZOOM < 4.2.16 - Missing Authorization
Description: The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the zoomajaxsetpointertransient function in versions up to, and including, 4.2.15. This makes it possible for authenticated attackers, with...
WooCommerce Multilingual & Multicurrency < 5.3.5 - Missing Authorization
Description: The WooCommerce Multilingual & Multicurrency plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization
Description: The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfor...
Events Manager < 6.4.7 - Missing Authorization
Description: The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting
Description: The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check function in versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject maliciou...
Church Admin < 4.1.19 - Missing Authorization
Description: The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 4.1.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthoriz...
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.1.1 - Missing Authorization
Description: The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.1. This makes it possible for authenticated attackers, with subscriber-level acce...
BEAR < 1.1.4.4 - Missing Authorization
Description: The BEAR plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woobeupdatepagefield function in versions up to, and including, 1.1.4.3. This makes it possible for unauthenticated attackers to update page details...
Calendarista Basic Edition < 3.0.6 - Missing Authorization
Description: The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...