5256 matches found
Design/Logic Flaw
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
CVE-2024-0766
CVE-2024-0766 affects Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress. A missing capability check in templates_ajax_request allows unauthorized data modification, enabling subscribers and higher roles to create templates in all versions up to and including 1.4.4. The con...
CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...
CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...
CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save
The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...
CVE-2024-1388
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
Design/Logic Flaw
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
CVE-2024-1388
CVE-2024-1388 affects the Yuki WordPress theme. Root cause: missing capability check in reset_customizer_options(), affecting all versions up to and including 1.3.13. Impact: authenticated users with subscriber+ can reset the theme settings, enabling unauthorized modification of data. Remediation...
PT-2024-17980 · WordPress · Page Duplicator
Name of the Vulnerable Software and Affected Versions: Page Duplicator plugin for WordPress versions up to, and including, 0.1.1 Description: The issue is related to unauthorized modification of data due to a missing capability check on the duplicate dat page function. This allows unauthenticated...
PT-2024-18369 · WordPress · Disable Json Api
Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress versions up to, and including, 4.51 Description: The issue is related to unauthorized modification of data due to a missing...
PT-2024-18370 · WordPress · Disable Json Api
Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress versions up to, and including, 4.52 Description: The issue is related to unauthorized modification of data due to a missing...
CVE-2024-1649
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1650
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1649
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1653
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1650
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1653
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...