CVE-2024-1687
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...
Authentication flaw
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...
CVE-2024-1687 Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for authenticat...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Subscriber+ Template Creation
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function, allowing subscribers and higher to create templates...
PT-2024-18000 · WordPress · Yuki Theme
Name of the Vulnerable Software and Affected Versions: Yuki theme for WordPress versions up to, and including, 1.3.13 Description: The issue allows authenticated attackers with subscriber-level access and above to reset the theme's settings due to a missing capability check on the reset customize...
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.53 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
Description: The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackertruncatescantable function in all versions up to, and including,...
PT-2024-18198 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory...
Redirects <= 1.2.1 - Missing Authorization via save
Description: The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin...
PT-2024-18196 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue arises from a missing capability check on the categorifyAjaxDeleteCategory function, allowing authenticated attackers with subscriber-level access a...
CVE-2024-1710
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Design/Logic Flaw
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
PT-2024-18223 · WordPress · The Thank You Page Customizer For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to a missing capability check on the get text editor content function, allowing...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxRenameCategory
Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-leve...
Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response
Description: The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the...
Relevanssi < 4.22.1 - Unauthenticated Query Log Export
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function, allowing unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxDeleteCategory
Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-leve...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxUpdateFolderPosition
Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxAddCategory
Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
Description: The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, wit...