5259 matches found

Positive Technologies · added 2024/02/20 12:0 a.m. · 4 views

PT-2024-17468 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.3.41 Description: The issue arises from a missing capability check on the await plugin deactivation function, allowing authenticated attackers with subscriber access or higher t...

CVSS 7.6 · AI score 9.4 · EPSS 0.00306
Exploits: 0 · References: 6

Positive Technologies · added 2024/02/20 12:0 a.m. · 7 views

PT-2024-16636 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...

CVSS 4.3 · AI score 9.3 · EPSS 0.00347
Exploits: 0 · References: 5

Positive Technologies · added 2024/02/20 12:0 a.m. · 4 views

PT-2024-16632 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00347
Exploits: 0 · References: 5

WPVulnDB · added 2024/02/20 12:0 a.m. · 21 views

Tutor LMS < 2.6.1 - Missing Authorization

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...

CVSS 4.3 · AI score 6.2 · EPSS 0.00375
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies · added 2024/02/20 12:0 a.m. · 5 views

PT-2024-16275 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.93.1 Description: The issue is related to unauthorized loss of data due to a missing capability check on the amppb remove saved layout data function...

CVSS 6.5 · AI score 6.8 · EPSS 0.00659
Exploits: 0 · References: 7

Positive Technologies · added 2024/02/20 12:0 a.m. · 7 views

PT-2024-15960 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue is related to a missing capability check on the enableOptimization function, allowing authenticated attackers with...

CVSS 4.3 · AI score 8.8 · EPSS 0.00372
Exploits: 0 · References: 6

Positive Technologies · added 2024/02/20 12:0 a.m. · 4 views

PT-2024-17955

Name of the Vulnerable Software and Affected Versions SKT Page Builder plugin for WordPress versions up to, and including, 4.1 Microsoft Outlook client affected versions not specified Description The issue allows for unauthorized modification of data due to a missing capability check on the...

CVSS 4.3 · AI score 6.8 · EPSS 0.00343
Exploits: 0 · References: 10

WPVulnDB · added 2024/02/20 12:0 a.m. · 20 views

Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...

CVSS 4.3 · AI score 5 · EPSS 0.00431
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies · added 2024/02/20 12:0 a.m. · 4 views

PT-2024-18002 · WordPress · Paid Membership Subscriptions

Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1 Description: The issue is related to unauthorized modification of data due to a missin...

CVSS 4.3 · AI score 9.2 · EPSS 0.00538
Exploits: 0 · References: 7

Positive Technologies · added 2024/02/20 12:0 a.m. · 5 views

PT-2024-16622 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...

CVSS 4.3 · AI score 9.3 · EPSS 0.00428
Exploits: 0 · References: 6

Positive Technologies · added 2024/02/20 12:0 a.m. · 5 views

PT-2024-15632 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to a missing capability check on the wpr update form action meta function, allowing unauthorized post metada...

CVSS 5.3 · AI score 9.2 · EPSS 0.00225
Exploits: 0 · References: 5

Positive Technologies · added 2024/02/20 12:0 a.m. · 8 views

PT-2024-17959 · WordPress · The Login Lockdown – Protect Login Form

Name of the Vulnerable Software and Affected Versions: The Login Lockdown – Protect Login Form plugin for WordPress versions up to, and including, 2.08 Description: The issue is related to a missing capability check on the generate export file function. This allows authenticated attackers with...

CVSS 5.4 · AI score 6 · EPSS 0.00393
Exploits: 1 · References: 6

Positive Technologies · added 2024/02/20 12:0 a.m. · 6 views

PT-2024-18133 · WordPress · Woocommerce Google Sheet Connector

Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector plugin for WordPress versions up to, and including, 1.3.11 Description: The issue allows unauthorized modification of data due to a missing capability check on the execute post data function. This makes it...

CVSS 5.3 · AI score 6.1 · EPSS 0.00431
Exploits: 0 · References: 6

GithubExploit · added 2024/02/14 11:30 a.m. · 456 views

Exploit for Missing Authorization in Xlplugins Nextmove

CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...

CVSS 8.8 · AI score 8.5 · EPSS 0.01376
Exploits: 3

WPVulnDB · added 2024/02/14 12:0 a.m. · 20 views

WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change

Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...

CVSS 5.5 · AI score 6.7 · EPSS 0.00364
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB · added 2024/02/13 12:0 a.m. · 12 views

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return

Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up t...

CVSS 5.3 · AI score 6.9 · EPSS 0.00519
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB · added 2024/02/12 12:0 a.m. · 12 views

SKT Page Builder < 4.2 - Missing Authorization to Authenticated(Subscriber+) Content Injection

Description The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access...

CVSS 4 · AI score 6.4 · EPSS 0.00343
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB · added 2024/02/12 12:0 a.m. · 17 views

NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'xladdoninstallation' function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins...

AI score 6.3 · EPSS 0.01376
Exploits: 3 · References: 1 · Affected Software: 1

OSV · added 2024/02/10 7:15 a.m. · 4 views

CVE-2024-0596

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

CVSS 5.3 · AI score 7.3 · EPSS 0.004
Exploits: 0 · References: 2

OSV · added 2024/02/10 7:15 a.m. · 6 views

CVE-2024-0595

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpasgetusers function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00429
Exploits: 0 · References: 3