CVE-2024-1732
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
CVE-2024-1807 Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization
The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attacke...
CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...
CVE-2024-1732
CVE-2024-1732: The Sharkdropship Dropshipping & Affiliate for AliExpress WordPress plugin is vulnerable to unauthenticated data loss via a missing capability check in wads_removeProductFromShop(), affecting all versions up to 2.2.4. Impact is unauthorized deletion of posts; CVSS indicates networ...
CVE-2024-1807
CVE-2024-1807 affects the Product Sort and Display for WooCommerce plugin (WordPress). Root cause: missing capability check in the psad_update_product_cat_custom_meta_ajax function, impacting all versions up to 2.4.1. Consequence: unauthenticated attackers could modify data to hide product catego...
PT-2024-18323 · WordPress · Product Sort/Display For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Sort and Display for WooCommerce plugin for WordPress versions up to, and including, 2.4.1
Description: The issue is related to a missing capability check on the psad_update_product_cat_custom_meta_ajax function, allowing unauthorized...
VulnCheck KEV: CVE-2024-2848
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into...
CVE-2024-2086
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...
CVE-2024-2086 Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export
The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple...
CVE-2024-2848 Responsive <= 5.0.2 - Missing Authorization to HTML Injection
The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into th...
CVE-2024-2848
The CVE-2024-2848 entry describes a vulnerability in the WordPress Responsive theme: unauthenticated attackers can inject arbitrary HTML into a site’s footer due to a missing capability check in save_footer_text_callback in versions up to 5.0.2. The provided documents do not specify a patch versi...
CVE-2024-2476
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
CVE-2024-2476
CVE-2024-2476 concerns OceanWP for WordPress. The vulnerability is due to a missing capability check in load_theme_panel_pane, affecting all versions up to 3.5.4. The impact, as described in the sources, is unauthorized access to data for authenticated users with subscriber-level access and above...
CVE-2024-2476 OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
PT-2024-22447 · WordPress · Responsive
Name of the Vulnerable Software and Affected Versions: The Responsive theme for WordPress versions up to, and including, 5.0.2
Description: The issue allows unauthorized modification of data due to a missing capability check on the save_footer_text_callback function. This makes it possible for...
PT-2024-20537 · WordPress · Oceanwp
Name of the Vulnerable Software and Affected Versions: OceanWP theme for WordPress versions up to, and including, 3.5.4
Description: The issue allows unauthorized access to data due to a missing capability check on the load_theme_panel_pane function. This makes it possible for authenticated...
CVE-2024-2962
CVE-2024-2962 affects the Networker - Tech News WordPress Theme with Dark Mode. The vulnerability arises from a missing capability check in the admin_reload_nav_menu() function, affecting all versions up to and including 1.1.9. This allows unauthenticated attackers to modify the location of displ...
CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...