
5256 matches found

Prion
added 2024/02/28 9:15 a.m. | 18 views

Design/Logic Flaw

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

CVSS 4 | AI score 6.9 | EPSS 0.00457
Exploits 0 | References 2

CVE
added 2024/02/28 8:33 a.m. | 91 views

CVE-2024-0766

CVE-2024-0766 affects Envo’s Elementor Templates & Widgets for WooCommerce plugin for WordPress. A missing capability check in templates_ajax_request allows unauthorized data modification, enabling subscribers and higher roles to create templates in all versions up to and including 1.4.4. The con...

CVSS 4.3 | AI score 5.2 | EPSS 0.00457
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2024/02/28 8:33 a.m. | 27 views

CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

CVSS 4.3 | AI score 4.7 | EPSS 0.00457
Exploits 0 | References 3

Vulnrichment
added 2024/02/28 8:33 a.m. | 10 views

CVE-2024-0766 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

CVSS 4.3 | AI score 6.6 | EPSS 0.00457
Exploits 0 | References 3

Vulnrichment
added 2024/02/28 8:33 a.m. | 13 views

CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

CVSS 6.5 | AI score 6.8 | EPSS 0.0053
Exploits 0 | References 2

Cvelist
added 2024/02/28 8:33 a.m. | 28 views

CVE-2024-1566 Redirects <= 1.2.1 - Missing Authorization via save

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

CVSS 6.5 | AI score 6.5 | EPSS 0.0053
Exploits 0 | References 2

NVD
added 2024/02/28 7:15 a.m. | 9 views

CVE-2024-1388

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVSS 4.3 | AI score 4.3 | EPSS 0.0034
Exploits 0 | References 2

Prion
added 2024/02/28 7:15 a.m. | 16 views

Design/Logic Flaw

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVSS 4 | AI score 4.4 | EPSS 0.0034
Exploits 0 | References 2

Vulnrichment
added 2024/02/28 6:46 a.m. | 11 views

CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVSS 4.3 | AI score 6.6 | EPSS 0.0034
Exploits 0 | References 2

Cvelist
added 2024/02/28 6:46 a.m. | 26 views

CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVSS 4.3 | AI score 4.6 | EPSS 0.0034
Exploits 0 | References 2

CVE
added 2024/02/28 6:46 a.m. | 89 views

CVE-2024-1388

CVE-2024-1388 affects the Yuki WordPress theme. Root cause: missing capability check in reset_customizer_options(), affecting all versions up to and including 1.3.13. Impact: authenticated users with subscriber+ can reset the theme settings, enabling unauthorized modification of data. Remediation...

CVSS 4.3 | AI score 4.6 | EPSS 0.0034
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2024/02/28 12:0 a.m. | 8 views

PT-2024-17980 · WordPress · Page Duplicator

Name of the Vulnerable Software and Affected Versions: Page Duplicator plugin for WordPress versions up to, and including, 0.1.1
Description: The issue is related to unauthorized modification of data due to a missing capability check on the duplicate dat page function. This allows unauthenticated...

CVSS 5.3 | AI score 9.5 | EPSS 0.00422
Exploits 0 | References 7

Positive Technologies
added 2024/02/28 12:0 a.m. | 8 views

PT-2024-18369 · WordPress · Disable Json Api

Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress versions up to, and including, 4.51
Description: The issue is related to unauthorized modification of data due to a missing...

CVSS 6.5 | AI score 9.4 | EPSS 0.00378
Exploits 0 | References 8

Positive Technologies
added 2024/02/28 12:0 a.m. | 10 views

PT-2024-18370 · WordPress · Disable Json Api

Name of the Vulnerable Software and Affected Versions: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress versions up to, and including, 4.52
Description: The issue is related to unauthorized modification of data due to a missing...

CVSS 4.3 | AI score 9.2 | EPSS 0.00361
Exploits 0 | References 8

OSV
added 2024/02/27 11:15 a.m. | 4 views

CVE-2024-1649

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 7.3 | EPSS 0.0034
Exploits 0 | References 2

NVD
added 2024/02/27 11:15 a.m. | 26 views

CVE-2024-1650

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 4.3 | EPSS 0.0034
Exploits 0 | References 2

NVD
added 2024/02/27 11:15 a.m. | 28 views

CVE-2024-1649

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 4.3 | EPSS 0.0034
Exploits 0 | References 2

NVD
added 2024/02/27 11:15 a.m. | 24 views

CVE-2024-1653

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 4.3 | EPSS 0.0034
Exploits 0 | References 2

OSV
added 2024/02/27 11:15 a.m. | 4 views

CVE-2024-1650

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 7.3 | EPSS 0.0034
Exploits 0 | References 2

OSV
added 2024/02/27 11:15 a.m. | 5 views

CVE-2024-1653

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 | AI score 7.3 | EPSS 0.0034
Exploits 0 | References 2