5248 matches found
PT-2024-18192 · WordPress · Mollie Forms
Name of the Vulnerable Software and Affected Versions: Mollie Forms plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to unauthorized access of data due to a missing capability check on the exportRegistrations function. This allows authenticated attackers...
Auto Affiliate Links < 6.4.3.1 - Missing Authorization via aalAddLink
Description The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or...
PT-2024-18011 · WordPress · Mollie Forms
Name of the Vulnerable Software and Affected Versions: Mollie Forms plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to a missing capability check on the duplicateForm function, allowing authenticated attackers with subscriber access or higher to duplica...
Mollie Forms < 2.6.4 - Missing Authorization to Arbitrary Post Duplication
Description The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or highe...
CVE-2024-1870
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...
CVE-2024-1870
CVE-2024-1870 affects the WordPress plugin Colibri Page Builder . The vulnerability is an unauthorized data modification issue caused by a missing capability check in the function calledActivateLicenseEndpoint, present in all versions up to and including 1.0.260. This allows authenticated attacke...
CVE-2024-1870 Colibri Page Builder <= 1.0.260 - Missing Authorization
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1125
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...
CVE-2024-1123
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
CVE-2024-1123
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
Design/Logic Flaw
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...
Design/Logic Flaw
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
Code injection
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1125 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...
CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
CVE-2024-1123
CVE-2024-1123 concerns the EventPrime – Events Calendar, Bookings and Tickets WordPress plugin. The vulnerability is a missing capability check in save_frontend_event_submission() across versions up to and including 3.4.2, enabling unauthorized data modification. Exploitation requires subscriber-...
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
PT-2024-18378 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.260 Description: The issue is related to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function. This allows...