PT-2024-15911 · WordPress · Nex-Forms
Name of the Vulnerable Software and Affected Versions: NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to, and including, 8.5.6 Description: The issue is related to unauthorized access due to a missing capability check on the restore records...
CVE-2024-0836
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit function in all versions up to, and including, 2.1.14. This makes it possible for authenticated...
Design/Logic Flaw
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit function in all versions up to, and including, 2.1.14. This makes it possible for authenticated...
CVE-2024-0836 WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit function in all versions up to, and including, 2.1.14. This makes it possible for authenticated...
CVE-2024-0836
CVE-2024-0836 relates to the WordPress plugin “Review Schema” (WordPress Review & Structure Data Schema Plugin). The vulnerability is due to a missing capability check in the rtrs_review_edit() function, affecting all versions up to and including 2.1.14. It allows authenticated attackers with sub...
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via set_read()
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...
PT-2024-15855 · WordPress · Wordpress Review & Structure Data Schema Plugin
Name of the Vulnerable Software and Affected Versions: The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress versions up to, and including, 2.1.14 Description: The issue allows authenticated attackers with subscriber-level access and above to modify arbitrary...
Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update
Description: The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options. PoC: Run the below command in the developer console of the web browser while being o...
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.5.7 - Missing Authorization via restore_records()
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attacker...
VulnCheck KEV: CVE-2023-6700
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level...
WCMultiShipping < 2.3.8 - Subscriber+ Arbitrary Account Credentials Test
Description: The plugin does not have a proper capability check on its wmschronoposttestcredentialsajax function, allowing any authenticated users, such as subscribers, to test account credentials...
Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_delete_expired_used_coupon_code
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_delete_expired_used_coupon_code function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability...
Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcal_preview_emails function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability...
WPvivid < 0.9.95 - Missing Authorization
Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress functions, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...
CVE-2024-0617
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
CVE-2024-0617 Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...
10Web AI Assistant – AI content writing assistant < 1.0.19 - Missing Authorization to Arbitrary Plugin Installation
Description: The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated...
PT-2024-15693 · WordPress · Category Discount Woocommerce
Name of the Vulnerable Software and Affected Versions: Category Discount Woocommerce plugin for WordPress versions up to, and including, 4.12 Description: The issue arises from a missing capability check on the wpcd_save_discount function, allowing unauthenticated attackers to modify product...