5257 matches found

Cvelist
added 2024/02/07 7:32 a.m. · 24 views

CVE-2024-1078 Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 4.3 · AI score 4.7 · EPSS 0.00359
Exploits: 0 · References: 2

Cvelist
added 2024/02/07 7:32 a.m. · 32 views

CVE-2024-1079 Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aysshowresults function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain P...

CVSS 5.3 · AI score 5.5 · EPSS 0.00549
Exploits: 0 · References: 2

Positive Technologies
added 2024/02/07 12:0 a.m. · 4 views

PT-2024-16751 · WordPress · Podlove Podcast Publisher

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher plugin for WordPress versions prior to 4.0.12
Description: The issue arises from a missing capability check on the init download and init functions, allowing unauthorized access to data. This enables unauthenticated...

CVSS 5.3 · AI score 6.2 · EPSS 0.00553
Exploits: 0 · References: 8

Positive Technologies
added 2024/02/07 12:0 a.m. · 4 views

PT-2024-16548 · WordPress · Quiz Maker

Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4
Description: The issue arises from a missing capability check on the ays show results function, allowing unauthenticated attackers to access arbitrary quiz results,...

CVSS 5.3 · AI score 6.3 · EPSS 0.00549
Exploits: 0 · References: 8

Wordfence Blog
added 2024/02/06 3:36 p.m. · 26 views

$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information | Free GDPR Consent Solution WordPress Plugin

On December 11th, 2023, during our Holiday Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in Cookie Information | Free GDPR Consent Solution, a WordPress plugin with more than 100,000+ active installations. This vulnerability could be used by authenticate...

CVSS 6.5 · AI score 7.3 · EPSS 0.0147
Exploits: 2

WPVulnDB
added 2024/02/06 12:0 a.m. · 22 views

Cloudflare < 4.12.3 - Missing Authorization via initProxy

Description: The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests...

CVSS 8.1 · AI score 6.8 · EPSS 0.00848
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/02/06 12:0 a.m. · 15 views

Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification

Description: The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.8 · EPSS 0.00359
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/02/05 10:16 p.m. · 16 views

CVE-2024-1092

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...

CVSS 4.3 · AI score 4.3 · EPSS 0.0045
Exploits: 0 · References: 2

OSV
added 2024/02/05 10:16 p.m. · 3 views

CVE-2024-1092

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...

CVSS 4.3 · AI score 7.3 · EPSS 0.0045
Exploits: 0 · References: 2

NVD
added 2024/02/05 10:16 p.m. · 17 views

CVE-2024-1121

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

CVSS 5.3 · AI score 5.1 · EPSS 0.00562
Exploits: 0 · References: 2

NVD
added 2024/02/05 10:16 p.m. · 22 views

CVE-2024-0835

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

CVSS 4.3 · AI score 4.5 · EPSS 0.00533
Exploits: 0 · References: 3

OSV
added 2024/02/05 10:16 p.m. · 5 views

CVE-2024-0797

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

CVSS 4.3 · AI score 7.4 · EPSS 0.00424
Exploits: 0 · References: 2

OSV
added 2024/02/05 10:16 p.m. · 2 views

CVE-2024-0835

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

CVSS 4.3 · AI score 5.9 · EPSS 0.00533
Exploits: 0 · References: 3

NVD
added 2024/02/05 10:16 p.m. · 27 views

CVE-2024-0370

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVSS 4.3 · AI score 4.3 · EPSS 0.00428
Exploits: 0 · References: 2

NVD
added 2024/02/05 10:16 p.m. · 33 views

CVE-2024-0372

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVSS 4.3 · AI score 4.2 · EPSS 0.00359
Exploits: 0 · References: 2

Prion
added 2024/02/05 10:16 p.m. · 16 views

Design/Logic Flaw

The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...

CVSS 4 · AI score 7.1 · EPSS 0.00424
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2024/02/05 10:16 p.m. · 5 views

CVE-2024-0372

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...

CVSS 4.3 · AI score 5.6 · EPSS 0.00359
Exploits: 0 · References: 2

Prion
added 2024/02/05 10:16 p.m. · 16 views

Design/Logic Flaw

The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...

CVSS 5 · AI score 7 · EPSS 0.0051
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2024/02/05 10:16 p.m. · 19 views

Design/Logic Flaw

The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprodlitenewlpage function in all versions up to, and including, 6.15.21...

CVSS 5 · AI score 6.9 · EPSS 0.0068
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2024/02/05 10:16 p.m. · 15 views

Design/Logic Flaw

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...

CVSS 4 · AI score 6.7 · EPSS 0.0045
Exploits: 0 · References: 2 · Affected Software: 1