CVE-2023-6158
CVE-2023-6158 (EventON WordPress Plugin) : The vulnerability arises from a missing capability check in evo_eventpost_update_meta, allowing unauthenticated attackers to update and remove arbitrary post metadata. Affected are EventON Pro (versions <= 4.5.4) and EventON (free) (versions
Design/Logic Flaw
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for...
CVE-2023-6798 RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for...
Local Delivery Drivers for WooCommerce < 1.9.1 - Missing Authorization to Driver Account Takeover
Description The Local Delivery Drivers for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'lddfweditdriverservice' function in all versions up to, and including, 1.9.0. This makes it possible for...
Profile Builder < 3.10.8 - Contributor+ User Metadata Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function allowing authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata...
Simple Staff List < 2.2.5 - Missing Authorization via ajax_flush_rewrite_rules and staff_member_export
Description The Simple Staff List plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ajax_flush_rewrite_rules and staff_member_export functions in versions up to, and including, 2.2.4. This makes it possible for...
WooCommerce Shipping Per Product < 2.5.5 - Missing Authorization
Description The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with customer-level access and above, to perform ...
Stylish Price List < 7.0.18 - Missing Authorization
Description The Stylish Price List plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on multiple functions in versions up to, and including, 7.0.17. This makes it possible for authenticated attackers, with contributor-level access a...
BulkGate SMS Plugin for WooCommerce < 3.0.3 - Missing Authorization via Multiple AJAX Actions
Description The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with subscriber-level...
Product Filter by WBW < 2.5.1 - Subscriber+ Table Data Access
Description The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getListForTbl function hooked via AJAX in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-leve...
Sirv < 7.1.3 - Missing Authorization via sirv_disconnect
Description The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirv_disconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access a...
weForms < 1.6.19 - Missing Authorization via export_form_entries
Description The weForms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'export_form_entries' function in versions up to, and including, 1.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-0201
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
CVE-2024-0201 Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...
CVE-2024-0201
CVE-2024-0201 affects Product Expiry for WooCommerce (WordPress). Root cause: missing capability check in the plugin’s save_settings function, allowing authenticated users with subscriber-level permissions or higher to modify settings in versions up to 2.5. Remediate by upgrading to 2.6 (patched)...
CVE-2023-7068
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the printpackinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
Information disclosure
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the printpackinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2023-6600
The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings function hooked via admin_init in all versions up to, and including, 5.7.9. Th...
CVE-2023-6600
CVE-2023-6600 affects the OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. WordPress plugin (versions up to 5.7.9). The vulnerability stems from a missing capability check in update_settings() hooked via admin_init, enabling unauthenticated modification of the plugin’s settings, which can ...