CVE-2023-6598
The CVE-2023-6598 entry concerns the SpeedyCache WordPress plugin (versions up to and including 1.1.3) with a missing capability check in functions speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource. This al...
CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6638 GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2023-6638
CVE-2023-6638 affects the GTG Product Feed for Shopping WordPress plugin (versions
CVE-2023-7019 LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function in all versions up to, and including, 2.6.8. This makes it possible for authenticated...
CVE-2023-6878 Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-6637 CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...
CVE-2023-6637
CVE-2023-6637 affects the CAOS | Host Google Analytics Locally WordPress plugin. A missing capability check in the update_settings function (vulnerable through 4.7.14) allows unauthenticated attackers to modify plugin settings. The issue originates from broken access control in updating settings,...
CVE-2023-6369 Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
CVE-2023-6742 Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated...
CVE-2023-6883
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Design/Logic Flaw
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2023-6883
CVE-2023-6883 : The Easy Social Feed plugin for WordPress (versions up to 6.5.2) is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions. This allows authenticated attackers with subscriber-level access and above to perform actions such as m...
Envira Gallery Lite < 1.8.7.3 - Missing Authorization to Gallery Modification via envira_gallery_insert_images
Description: The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify...
PT-2024-15039 · WordPress · Gtg Product Feed For Shopping
Name of the Vulnerable Software and Affected Versions: GTG Product Feed for Shopping plugin for WordPress versions up to, and including, 1.2.4 Description: The issue is related to a missing capability check on the update settings function, allowing unauthenticated attackers to update plugin...
PT-2024-15038 · WordPress · Caos | Host Google Analytics Locally
Name of the Vulnerable Software and Affected Versions: CAOS | Host Google Analytics Locally plugin for WordPress versions up to, and including, 4.7.14 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it...
PT-2024-15181 · WordPress · The Lightstart – Maintenance Mode
Name of the Vulnerable Software and Affected Versions: The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress versions up to, and including, 2.6.8 Description: The issue is related to a missing capability check on the insert template function, allowing...
CVE-2023-6158
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
Design/Logic Flaw
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...