CVE-2024-1285 Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible for...

CVE-2024-1095 Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVE-2024-1095 Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...

PT-2024-16648 · WordPress · Change Memory Limit

Name of the Vulnerable Software and Affected Versions: Change Memory Limit plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the admin logic function hooked via admin init. This allow...

PT-2024-17252 · WordPress · Sportspress

Name of the Vulnerable Software and Affected Versions: SportsPress – Sports Club & League Manager plugin for WordPress versions up to, and including, 2.7.17 Description: The issue allows unauthorized modification of data due to a missing capability check on the settings save function. This makes ...

Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing

Description The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible...

Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()

Description The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update t...

SportsPress – Sports Club & League Manager < 2.7.18 - Missing Authorization to Unauthenticated Event Permalink Update

Description The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to...

Image Optimizer, Resizer and CDN – Sirv < 7.2.1 - Missing Authorization

Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above,...

CVE-2024-1120

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the downloadtoolssettings function in all versions up to, and including,...

CVE-2024-1120

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the downloadtoolssettings function in all versions up to, and including,...

Design/Logic Flaw

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the downloadtoolssettings function in all versions up to, and including,...

CVE-2024-1120

CVE-2024-1120 affects NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce on WordPress. The flaw is a missing capability check in download_tools_settings() across all versions up to 2.17.0, allowing unauthenticated attackers to export ...

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

CVE-2024-1982

CVE-2024-1982 affects Migration, Backup, Staging – WPvivid (WordPress). Root cause: missing capability check in get_restore_progress() and restore() across all versions up to 0.9.68. Impact: unauthenticated attackers can trigger a SQL injection or DoS. Public references confirm the vulnerability ...

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...

CVE-2024-1389

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up to, and...

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including, 2.11.1. Thi...