PT-2024-15142 · WordPress · Getwid
Name of the Vulnerable Software and Affected Versions: Getwid – Gutenberg Blocks plugin for WordPress versions prior to 2.0.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the recaptcha api key manage function. This makes it possible for...
MultiVendorX Marketplace < 4.0.26 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attackers to call a function that should be accessible to higher-privileged users only...
Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export
Description The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
WooCommerce Box Office < 1.2.3 - Missing Authorization
Description The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
PT-2024-15505 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...
Shareaholic < 9.7.12 - Missing Authorization via accept_terms_of_service
Description The Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'accept_terms_of_service' function in all versions up to, and including, 9.7.11. This makes it...
WP Dummy Content Generator < 3.1.3 - Missing Authorization
Description The WP Dummy Content Generator plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wpdummycontentgeneratorDeletePosts and wpdummycontentgeneratorAjaxGenPosts functions in versions up to, and including, 3.1.2. This makes it...
PT-2024-15470 · WordPress · User Profile Builder
Name of the Vulnerable Software and Affected Versions: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions up to, and including, 3.10.8 Description: The issue is related to a missing capability check on the wppb two factor...
PilotPress < 2.0.31 - Subscriber+ Report Access & DB Transients Purging
Description The plugin is vulnerable to unauthorized access to data and loss of data due to a missing capability check on multiple AJAX functions, allowing authenticated attackers, with subscriber access and above, to view reports and purge database transients...
Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax
Description The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admin_ajax' function in versions up to, and including, 3.1.1. This makes it possible for unauthenticated attackers to delete...
WP Club Manager – WordPress Sports Club Plugin < 2.2.11 - Missing Authorization to Unauthenticated Event Permalink Update
Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers ...
Location Picker at Checkout for WooCommerce < 1.9.0 - Missing Authorization via checkout_map_rules_order_ajax_handler
Description The Location Picker at Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkout_map_rules_order_ajax_handler function in versions up to, and including, 1.8.9. This makes it possible for authenticated...
CVE-2024-1047
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
CVE-2024-1047
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API ke...
Design/Logic Flaw
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API ke...
CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
CVE-2024-1047
CVE-2024-1047 concerns Orbit Fox by ThemeIsle (WordPress) with a vulnerability in register_reference() causing unauthorized modification of data. The issue exists in all versions up to and including 2.10.28 due to a missing capability check, enabling unauthenticated attackers to update the connec...
WooCommerce Conversion Tracking < 2.0.12 - Subscriber+ Addon Installation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcctinstallhappyaddons' function, allowing any authenticated user, such as a subscriber, to install the Happy Elementor Addons plugin...
CVE-2024-1130 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...
CVE-2024-1129 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred()
The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...