5230 matches found
PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization
Description The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on one of its functions in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to invoke this function with an unclear...
BlossomThemes Email Newsletter < 2.2.5 - Missing Authorization
Description The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the btengetmailinglist function in versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to obtain a mailing...
Booster for WooCommerce < 7.1.2 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure
Description The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initatts function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Missing Authorization via woof_meta_get_keys()
Description The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers,...
Awesome Support < 6.1.5 - Missing Authorization via wpas_edit_reply_ajax()
Description The Awesome Support plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpas_edit_reply_ajax function in versions up to, and including, 6.1.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Accept Stripe Payments < 2.0.80 - Insecure Direct Object Reference
Description The Stripe Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handlecreatepi function in versions up to, and including, 2.0.79. This makes it possible for unauthenticated attackers to purchase products in another...
WCMultiShipping < 2.3.6 - Missing Authorization to Log Export
Description The WCMultiShipping plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wmsexportlog function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above,...
Give - Donation Plugin < 2.33.1 - Authenticated (Give Manager+) Privilege Escalation
Description The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for authenticated attackers with Give Manager privileges to elevat...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...
MultiVendorX < 4.0.26 - Improper Authorization on REST Routes via 'save_settings_permission'
Description The MultiVendorX plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on the 'save_settings_permission' function for the REST routes instantiated by the 'mvxrestroutesreactmodule' function in versions ...
Elements kit Elementor addons < 2.9.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismissajaxcall function, making it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins...
Site Reviews < 6.10.3 - Missing Authorization
Description The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and unassi...
Analytify Dashboard < 5.1.1 - Missing Authorization to Opt-In
Description The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optinyes function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above acces...
kk Star Ratings < 5.4.6 - Missing Authorization
Description The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exa...
Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions
Description The Visitors Traffic Real Time Statistics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 7.2. This makes it possible for authenticated attackers, with subscriber-level...
Poll Maker < 4.7.2 - Missing Authorization
Description The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function...
Product Recommendation Quiz for eCommerce < 2.1.2 - Missing Authorization in prq_set_token
Description The Product Recommendation Quiz for eCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prq_set_token function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to modify...
UserPro < 5.1.2 - Missing Authorization via multiple functions
Description The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, o...
Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order
Description The Ni WooCommerce Sales Report plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_sales_order' function in versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with subscriber-level acces...
Inactive Logout < 3.2.3 - Missing Authorization
Description The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the inaresetadvsettings function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access a...