5230 matches found
Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure
Description The Email posts to subscribers for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elppluginparserequest function in versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to invoke additional functions a...
Podlove Web Player <= 5.7.3 - Missing Authorization
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
LuckyWP Scripts Control <= 1.2.1 - Missing Authorization
Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
FormCraft < 1.2.8 - Missing Authorization via formcraft_nag_update
Description The FormCraft plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the formcraft_nag_update AJAX nopriv function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to delay or disable upda...
ProductX – Gutenberg WooCommerce Blocks < 3.0.0 - Missing Authorization via option_data_save
Description The ProductX – Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the option_data_save function in versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with...
ARI Stream Quiz <= 1.3.1 - Contributor+ Content Injection
Description The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary...
WPCafe < 2.2.23 - Missing Authorization
Description The plugin is vulnerable to unauthorized access, modification, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make use of the unprotected functionality...
WordPress Backup & Migration < 1.4.2 - Missing Authorization to Settings and Schedule Modification
Description The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtsavesettings and saveschedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with...
Click To Tweet <= 2.0.14 - Missing Authorization
Description The Click To Tweet plugin for WordPress is vulnerable to unauthorized access, loss or modification of data due to a missing capability check on one of its functions in versions up to, and including, 2.0.14. This makes it possible for authenticated attackers, with subscriber-level acce...
WP Accessibility Helper (WAH) < 0.6.2.5 - Missing Authorization via AJAX action
Description The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the wahupdateattachmenttitle function in versions up to, and including, 0.6.2.4. This makes it possible for authenticated attackers, with...
WP iCal Availability <= 1.0.3 - Missing Authorization
Description The WP iCal Availability plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and abov...
ApplyOnline < 2.5.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing or improper capability check on an unknown function, allowing authenticated attackers, with contributor-level access and above, to perform an unauthorized action...
BadgeOS <= 3.7.1.6 - Missing Authorization
Description The BadgeOS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actio...
Glossary <= 3.1.2 - Missing Authorization
Description The Glossary plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make us...
Generate Dummy Posts <= 1.0.0 - Missing Authorization
Description The Generate Dummy Posts plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to make use of this functionality...
WP User Frontend < 3.6.9 - Missing Authorization via AJAX actions
Description The WP User Frontend plugin for WordPress is vulnerable to unauthorized functionality use due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with...
10Web Map Builder for Google Maps < 1.0.74 - Missing Authorization to Notice Dismissal
Description The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwdbpinstallnoticestatus function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level...
Ovic Product Bundle <= 1.1.2 - Missing Authorization
Description The Ovic Product Bundle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removebundleproduct function hooked via a nopriv AJAX action in versions up to, and including, 1.1.2. This makes it possible for unauthenticated...
TelSender <= 1.14.8 - Missing Authorization
Description The TelSender plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tscfwcformajaxreqest function hooked via an AJAX action in versions up to, and including, 1.14.8. This makes it possible for authenticated attackers, with...
WP Directory Kit < 1.2.7 - Missing Authorization
Description The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to make use of functionality intended...