5259 matches found
PT-2024-17468 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.3.41 Description: The issue arises from a missing capability check on the await plugin deactivation function, allowing authenticated attackers with subscriber access or higher t...
PT-2024-16636 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...
PT-2024-16632 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...
Tutor LMS < 2.6.1 - Missing Authorization
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticate...
PT-2024-16275 · WordPress · Amp For Wp – Accelerated Mobile Pages
Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.93.1 Description: The issue is related to unauthorized loss of data due to a missing capability check on the amppb remove saved layout data function...
PT-2024-15960 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue is related to a missing capability check on the enableOptimization function, allowing authenticated attackers with...
PT-2024-17955
Name of the Vulnerable Software and Affected Versions SKT Page Builder plugin for WordPress versions up to, and including, 4.1 Microsoft Outlook client affected versions not specified Description The issue allows for unauthorized modification of data due to a missing capability check on the...
Schema & Structured Data for WP & AMP < 1.27 - Contributor+ reCaptcha Key Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function, allowing authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially...
PT-2024-18002 · WordPress · Paid Membership Subscriptions
Name of the Vulnerable Software and Affected Versions: Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress versions up to, and including, 2.11.1 Description: The issue is related to unauthorized modification of data due to a missin...
PT-2024-16622 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13 Description: The issue allows authenticated attackers with subscriber-level access and above to modify image optimization settings due to a missin...
PT-2024-15632 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.87 Description: The issue is related to a missing capability check on the wpr update form action meta function, allowing unauthorized post metada...
PT-2024-17959 · WordPress · The Login Lockdown – Protect Login Form
Name of the Vulnerable Software and Affected Versions: The Login Lockdown – Protect Login Form plugin for WordPress versions up to, and including, 2.08 Description: The issue is related to a missing capability check on the generate export file function. This allows authenticated attackers with...
PT-2024-18133 · WordPress · Woocommerce Google Sheet Connector
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Sheet Connector plugin for WordPress versions up to, and including, 1.3.11 Description: The issue allows unauthorized modification of data due to a missing capability check on the execute post data function. This makes it...
Exploit for Missing Authorization in Xlplugins Nextmove
CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...
WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change
Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return
Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up t...
SKT Page Builder < 4.2 - Missing Authorization to Authenticated(Subscriber+) Content Injection
Description The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access...
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'xladdoninstallation' function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins...
CVE-2024-0596
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...
CVE-2024-0595
The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpasgetusers function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with...