CVE-2024-1380 Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...
CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation
The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...
CVE-2024-0828 Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers...
CVE-2024-1127 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1127
CVE-2024-1127 affects the WordPress plugin “EventPrime – Events Calendar, Bookings and Tickets.” The vulnerability is a missing capability check in booking_export_all(), present in all versions up to and including 3.4.1. This allows authenticated attackers with subscriber-level access or higher t...
CVE-2024-1158
The CVE-2024-1158 entry concerns the WordPress plugin BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions). All versions up to 2.8.7 are affected due to a missing capability check in buddyforms_new_page, enabling authenticated u...
CVE-2024-1158 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including,...
CVE-2024-1843 Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink
The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...
CVE-2024-1176
CVE-2024-1176 affects the HT Easy GA4 – Google Analytics WordPress Plugin. The vulnerability is a missing capability check in login() that enables unauthenticated modification of the GA4 email. Affected versions are all up to and including 1.1.5. Remediation: upgrade to 1.1.6 or later (Wordfence/...
PT-2024-17992 · WordPress · Relevanssi
Name of the Vulnerable Software and Affected Versions: Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.0 Description: The issue is related to a missing capability check on the relevanssi export log check function, allowing unauthenticated attackers to export...
PT-2024-15504 · WordPress · Bulk Edit Post Titles
Name of the Vulnerable Software and Affected Versions: Bulk Edit Post Titles plugin for WordPress versions up to, and including, 5.0.0 Description: The issue allows authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts due to a missing capability check...
PT-2024-16874 · WordPress · Eventprime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.1 Description: The issue allows unauthorized access to data due to a missing capability check on the booking export all function...
PT-2024-15511 · WordPress · Lifterlms
Name of the Vulnerable Software and Affected Versions: LifterLMS – WordPress LMS Plugin for eLearning versions up to, and including, 7.5.1 Description: The issue allows unauthorized modification of data due to a missing capability check on the process review function. This enables unauthenticated...
PT-2024-15567 · WordPress · Artibot Free Chat Bot
Name of the Vulnerable Software and Affected Versions: ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress versions up to, and including, 1.1.6 Description: The issue allows authenticated attackers with subscriber-level access and above to update plugin settings due to a missing...
PT-2024-18226 · WordPress · Terawallet
Name of the Vulnerable Software and Affected Versions: The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress versions up to, and including, 1.4.10 Description: The issue allows authenticated attackers with subscriber-level acce...
PT-2024-18371 · WordPress · Woocommerce Add To Cart Custom Redirect
Name of the Vulnerable Software and Affected Versions: WooCommerce Add to Cart Custom Redirect plugin for WordPress versions up to, and including, 1.2.13 Description: The issue allows authenticated attackers with contributor access and above to update the values of arbitrary site options to...
Accordion < 2.2.97 - Missing Authorization to Authenticated (Contributor+) Post Duplication
Description: The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...
PT-2024-16868 · WordPress · Eventprime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the get attendees email by...
PT-2024-15707 · WordPress · Duitku Payment Gateway
Name of the Vulnerable Software and Affected Versions: Duitku Payment Gateway plugin for WordPress versions up to, and including, 2.11.4 Description: The issue is related to a missing capability check on the check duitku response function, allowing unauthenticated attackers to modify data...