5248 matches found

Cvelist
added 2024/02/20 6:56 p.m. · 30 views

CVE-2024-1091 ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Plugin Data Removal in reinitialize

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

CVSS 4.3 · AI score 4.6 · EPSS 0.00347
Exploits 0 · References 2
Cvelist
added 2024/02/20 6:56 p.m. · 18 views

CVE-2024-1337 SKT Page Builder <= 4.1 - Missing Authorization to Authenticated(Subscriber+) Content Injection

The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00343
Exploits 0 · References 2
Vulnrichment
added 2024/02/20 6:56 p.m. · 20 views

CVE-2024-1340

The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateexportfile function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and...

CVSS 5.4 · AI score 5.2 · EPSS 0.00393
Exploits 1 · References 3
CVE
added 2024/02/20 6:56 p.m. · 66 views

CVE-2024-1337

The CVE-2024-1337 advisory concerns the WordPress SKT Page Builder plugin. A missing capability check in saveSktbuilderPageData affects all versions up to and including 4.1, permitting authenticated users with subscriber access or higher to inject arbitrary content and modify data on pages. Pract...

CVSS 4.3 · AI score 5.3 · EPSS 0.00343
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/02/20 6:56 p.m. · 14 views

CVE-2024-1318

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and...

CVSS 6.5 · AI score 6.6 · EPSS 0.00518
Exploits 0 · References 4
CVE
added 2024/02/20 6:56 p.m. · 83 views

CVE-2024-1318

The CVE-2024-1318 issue affects the WordPress plugin RSS Aggregator by Feedzy (versions up to 4.4.2). Root cause: missing capability checks in feedzy_wizard_step_process and import_status functions, allowing an authenticated user with Contributor+ privileges to modify data and draft/publish posts...

CVSS 6.5 · AI score 6.8 · EPSS 0.00518
Exploits 0 · References 4 · Affected Software 1
CVE
added 2024/02/20 6:56 p.m. · 71 views

CVE-2024-0983

CVE-2024-0983 affects the ImageRecycle pdf & image compression WordPress plugin (versions

CVSS 4.3 · AI score 5.2 · EPSS 0.00372
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/02/20 6:56 p.m. · 31 views

CVE-2024-1390 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. Thi...

CVSS 4.3 · AI score 4.6 · EPSS 0.00538
Exploits 0 · References 3
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-17468 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.3.41 Description: The issue arises from a missing capability check on the await plugin deactivation function, allowing authenticated attackers with subscriber access or higher t...

CVSS 7.6 · AI score 9.4 · EPSS 0.00306
Exploits 0 · References 6
Positive Technologies
added 2024/02/20 12:0 a.m. · 7 views

PT-2024-16636 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...

CVSS 4.3 · AI score 9.3 · EPSS 0.00347
Exploits 0 · References 5
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-16632 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00347
Exploits 0 · References 5
WPVulnDB
added 2024/02/20 12:0 a.m. · 21 views

Tutor LMS < 2.6.1 - Missing Authorization

Description: The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...

CVSS 4.3 · AI score 6.2 · EPSS 0.00375
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 3 views

PT-2024-17955

Name of the Vulnerable Software and Affected Versions: SKT Page Builder plugin for WordPress versions up to, and including, 4.1 Microsoft Outlook client affected versions not specified Description: The issue allows for unauthorized modification of data due to a missing capability check on the...

CVSS 4.3 · AI score 6.8 · EPSS 0.00343
Exploits 0 · References 10
Positive Technologies
added 2024/02/20 12:0 a.m. · 6 views

PT-2024-17959 · WordPress · The Login Lockdown – Protect Login Form

Name of the Vulnerable Software and Affected Versions: The Login Lockdown – Protect Login Form plugin for WordPress versions up to, and including, 2.08 Description: The issue is related to a missing capability check on the generate export file function. This allows authenticated attackers with...

CVSS 5.4 · AI score 6 · EPSS 0.00393
Exploits 1 · References 6
Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-16275 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.93.1 Description: The issue is related to unauthorized loss of data due to a missing capability check on the amppb remove saved layout data function...

CVSS 6.5 · AI score 6.8 · EPSS 0.00659
Exploits 0 · References 7
Positive Technologies
added 2024/02/20 12:0 a.m. · 7 views

PT-2024-15960 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue is related to a missing capability check on the enableOptimization function, allowing authenticated attackers with...

CVSS 4.3 · AI score 8.8 · EPSS 0.00372
Exploits 0 · References 6
WPVulnDB
added 2024/02/20 12:0 a.m. · 20 views

Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...

CVSS 4.3 · AI score 5 · EPSS 0.00431
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/02/20 12:0 a.m. · 6 views

PT-2024-18133 · WordPress · Woocommerce Google Sheet Connector

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector plugin for WordPress versions up to, and including, 1.3.11 Description: The issue allows unauthorized modification of data due to a missing capability check on the execute post data function. This makes it...

CVSS 5.3 · AI score 6.1 · EPSS 0.00431
Exploits 0 · References 6
Positive Technologies
added 2024/02/20 12:0 a.m. · 4 views

PT-2024-18002 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1 Description: The issue is related to unauthorized modification of data due to a missin...

CVSS 4.3 · AI score 9.2 · EPSS 0.00538
Exploits 0 · References 7
Positive Technologies
added 2024/02/20 12:0 a.m. · 5 views

PT-2024-16622 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00428
Exploits 0 · References 6