WordPress Elementor Pro Plugin < 3.11.7 Privilege Escalation Vulnerability
The WordPress plugin ... CPE = "cpe:/a:elementor:elementorpro"; if description...
CVE-2023-5714
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2023-5710
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5712
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
Design/Logic Flaw
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
Design/Logic Flaw
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
Design/Logic Flaw
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
Design/Logic Flaw
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2023-5710 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5713 System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-5713
CVE-2023-5713 concerns the WordPress System Dashboard plugin (versions ≤ 2.8.7). The vulnerability stems from a missing capability check in the sd_option_value() AJAX handler, allowing authenticated users with subscriber-level access and above to obtain potentially sensitive option values and des...
CVE-2023-5714
CVE-2023-5714: The WordPress plugin System Dashboard is vulnerable up to version 2.8.7 due to a missing capability check in the Ajax-hooked function sd_db_specs(), allowing authenticated users with subscriber-level access and above to retrieve data key specs. Reports from NVD and Wordfence align...
CVE-2023-5711 System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level acces...
PT-2023-32285 · WordPress · System Dashboard
Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions up to, and including, 2.8.7 Description: The issue is related to unauthorized access of data due to a missing capability check on the sd global value function hooked via an AJAX action. This allo...
PT-2023-32287 · WordPress · System Dashboard
Name of the Vulnerable Software and Affected Versions: System Dashboard plugin for WordPress versions up to, and including, 2.8.7 Description: The issue allows unauthorized access of data due to a missing capability check on the sd db specs function hooked via an AJAX action. This makes it possib...
WPGetAPI 2.1.0 - 2.2.1 - Authenticated (Subscriber+) Arbitrary Options Update
Description: The WPGetAPI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the importendpoints function in versions 2.1.0 - 2.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to update...
Download canvasio3D Light <= 2.5.0 - Subscriber+ Entries Update/Deletion
Description: The plugin is vulnerable to unauthorized access & modification of data due to a missing capability check on the caARConnect function, allowing authenticated attackers, with subscriber-level access and above, to retrieve data from the plugin and save/delete entries...
Laposta Signup Basic < 1.4.2 - Missing Authorization
Description: The Laposta Signup Basic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxResetCache function in versions up to, and including, 1.4.1. This makes it possible for subscriber-level attackers or higher to delete the...