CVE-2024-1177 WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
CVE-2024-0835 Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
CVE-2023-6700 Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level acce...
CVE-2024-0370 Views for WPForms <= 3.2.2 - Missing Authorization via save_view
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0370
The CVE-2024-0370 entry affects Views for WPForms – Display & Edit WPForms Entries on your site frontend (WordPress), vulnerable versions up to and including 3.2.2. The root cause is a missing authorization check in the save_view function, enabling authenticated users with subscriber access and a...
CVE-2024-0324 User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including...
CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
CVE-2023-6985
CVE-2023-6985 affects the WordPress plugin 10Web AI Assistant (ai-assistant-by-10web) up to version 1.0.18. The root cause is a missing capability check on the install_plugin AJAX action, allowing authenticated attackers with subscriber-level access and above to install arbitrary plugins and pote...
CVE-2024-0791 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm functions in all versions up to, and...
CVE-2024-0797 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization
The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible fo...
PT-2024-15159 · 10Web · 10Web Ai Assistant
Name of the Vulnerable Software and Affected Versions: 10Web AI Assistant versions up to, and including, 1.0.18 Description: The issue allows authenticated attackers with subscriber-level access and above to install arbitrary plugins, potentially gaining further access to a compromised site. This...
Happyforms < 1.25.11 - Missing Authorization
Description: The plugin is vulnerable to unauthorized access due to a missing capability check, allowing unauthenticated attackers to perform unauthorized actions...
PT-2024-15506 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on...
PT-2024-15507 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized access of data due to a missing capability check on the g...
PT-2024-15142 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions prior to 2.0.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the recaptcha api key manage function. This makes it possible for...
MultiVendorX Marketplace < 4.0.26 - Missing Authorization
Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attackers to call a function that should be accessible to higher users only...
Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export
Description: The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
WooCommerce Box Office < 1.2.3 - Missing Authorization
Description: The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
PT-2024-15505 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...
PT-2024-15830 · Woocommerce · Active Products Tables For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Active Products Tables for WooCommerce versions up to, and including, 1.0.6.1 Description: The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it possible for subscriber...