CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2024/03/13 4:15 p.m.•16 views

CVE-2024-1862

The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcrdismissadminnotice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated...

8.1CVSS7.8AI score0.00673EPSS

4.3CVSS7.3AI score0.00441EPSS

CVE-2024-1690

The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including, 1.4.10. This...

OSV•added 2024/03/13 4:15 p.m.•6 views

CVE-2024-1763

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

5.3CVSS5.8AI score0.0044EPSS

NVD•added 2024/03/13 4:15 p.m.•17 views

CVE-2024-1690

4.3CVSS4.3AI score0.00441EPSS

NVD•added 2024/03/13 4:15 p.m.•14 views

CVE-2024-1370

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...

5.3CVSS5AI score0.00445EPSS

NVD•added 2024/03/13 4:15 p.m.•25 views

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...

5.3CVSS5.1AI score0.50192EPSS

4.3CVSS5.8AI score0.00445EPSS

CVE-2024-1370

5.3CVSS7.3AI score0.50192EPSS

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

NVD•added 2024/03/13 4:15 p.m.•18 views

CVE-2024-1176

The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email...

5.3CVSS5.1AI score0.00611EPSS

NVD•added 2024/03/13 4:15 p.m.•20 views

CVE-2024-1127

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bookingexportall function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.0053EPSS

NVD•added 2024/03/13 4:15 p.m.•15 views

CVE-2024-1158

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

4.3CVSS4.4AI score0.00507EPSS

OSV•added 2024/03/13 4:15 p.m.•2 views

CVE-2024-0631

The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status ...

5.3CVSS5.8AI score0.0063EPSS

NVD•added 2024/03/13 4:15 p.m.•23 views

CVE-2024-0631

The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status ...

5.3CVSS5.1AI score0.0063EPSS

4.3CVSS5.8AI score0.00578EPSS

CVE-2024-0385

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

OSV•added 2024/03/13 4:15 p.m.•6 views

CVE-2024-0447

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...

5CVSS5.8AI score0.00585EPSS

NVD•added 2024/03/13 4:15 p.m.•12 views

CVE-2024-0377

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...

5.3CVSS5.1AI score0.00674EPSS

NVD•added 2024/03/13 4:15 p.m.•13 views

CVE-2024-0447

5CVSS4.8AI score0.00585EPSS