5251 matches found
CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
PT-2024-18378 · WordPress · Colibri Page Builder
Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.260 Description: The issue is related to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function. This allows...
PT-2024-16844 · WordPress · EventPrime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.2 Description: The issue is related to a missing capability check on the save frontend event submission function, allowing...
PT-2024-16849 · WordPress · EventPrime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to unauthorized email sending due to a missing capability check on the ep send attendees email...
PT-2024-16859 · WordPress · EventPrime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to a missing capability check on the calendar events delete function, which allows authenticate...
CVE-2024-2298
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-1851
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level acce...
Design/Logic Flaw
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...
Design/Logic Flaw
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-2298
CVE-2024-2298 affects the WordPress plugin “affiliate-toolkit – WordPress Affiliate Plugin”. The root cause is a missing capability check in the atkp_import_product() function, leading to broken access control. This allows authenticated users with subscriber-level access and above to perform unau...
CVE-2024-1851 affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-2298 affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product
The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level...
PT-2024-19631 · WordPress · Affiliate-Toolkit – WordPress Affiliate Plugin
Name of the Vulnerable Software and Affected Versions: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress versions up to, and including, 3.5.4 Description: The issue is related to a missing capability check on the atkp import product function, allowing authenticated attackers...
HT Easy GA4 – Google Analytics WordPress Plugin < 1.2.0 - Missing Authorization to Unauthenticated GA4 Email Update
Description: The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to upda...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...
PT-2024-18362 · WordPress · Affiliate-Toolkit – WordPress Affiliate Plugin
Name of the Vulnerable Software and Affected Versions: The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress versions up to, and including, 3.5.4 Description: The issue is related to unauthorized access due to a missing capability check on the atkp create list function. This...