5257 matches found
CVE-2024-1078 Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-1079 Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aysshowresults function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain P...
PT-2024-16751 · WordPress · Podlove Podcast Publisher
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher plugin for WordPress versions prior to 4.0.12
Description: The issue arises from a missing capability check on the init download and init functions, allowing unauthorized access to data. This enables unauthenticated...
PT-2024-16548 · WordPress · Quiz Maker
Name of the Vulnerable Software and Affected Versions: The Quiz Maker plugin for WordPress versions up to, and including, 6.5.2.4
Description: The issue arises from a missing capability check on the ays show results function, allowing unauthenticated attackers to access arbitrary quiz results,...
$1,900 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in Cookie Information | Free GDPR Consent Solution WordPress Plugin
On December 11th, 2023, during our Holiday Bug Extravaganza, we received a submission for an Arbitrary Options Update vulnerability in Cookie Information | Free GDPR Consent Solution, a WordPress plugin with more than 100,000+ active installations. This vulnerability could be used by authenticate...
Cloudflare < 4.12.3 - Missing Authorization via initProxy
Description: The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests...
Quiz Maker < 6.5.2.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification
Description: The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aysquickstart and addquestionrows functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with...
CVE-2024-1092
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...
CVE-2024-1121
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
CVE-2024-0835
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2024-0797
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...
CVE-2024-0370
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0372
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
Design/Logic Flaw
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...
Design/Logic Flaw
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
Design/Logic Flaw
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprodlitenewlpage function in all versions up to, and including, 6.15.21...
Design/Logic Flaw
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for...