5230 matches found
Slider Pro < 4.8.7 - Missing Authorization via AJAX actions
Description The Slider Pro plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 4.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to hide...
Category Slider for WooCommerce < 1.4.16 - Missing Authorization via notice dismissal functionality
Description The Category Slider for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability and nonce check on various admin notice dismissal functions in versions up to, and including, 1.4.15. This makes it possible for authenticated attacker...
Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback
Description The Auto Tag Creator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_save_settings_callback function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level...
Seers <= 8.0.6 - Missing Authorization via multiple AJAX actions
Description The Seers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 8.0.6. This makes it possible for unauthenticated attackers to modify the cookie policy and change the conse...
Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
Description The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flo_send_test_email function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above...
SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...
WRC Pricing Tables < 2.3.8 - Missing Authorization
Description The WRC Pricing Tables plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on several functions including wrcptprocesspackagefeatures, wrcpteditpricingpackages, wrcptactivatetemplate and others in versions up to, and including, 2.3.7...
CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make unauthorized use of the unprotected function...
WP Custom Admin Interface < 7.32 - Missing Authorization via wpcai_pro_notice_disable
Description The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcai_pro_notice_disable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with...
Easy Social Icons < 3.2.5 - Missing Authorization via cnss_save_ajax_order
Description The Easy Social Icons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cnss_save_ajax_order function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access a...
WP GPX Map < 1.7.06 - Missing Authorization
Description The WP GPX Map plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpgpxmapsdismissnotice function in versions up to, and including, 1.7.05. This makes it possible for authenticated attackers, with subscriber-level access an...
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
Description The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawd_wd_bp_install_notice_status function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level...
WP EXtra < 6.3 - Missing Authorization to Export Settings
Description The WP EXtra plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to export plugin...
Funnelforms Free < 3.4.2 - Missing Authorization to Test Email Sending
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...
Funnelforms Free < 3.4.2 - Missing Authorization to Arbitrary Post Deletion
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...
Funnelforms Free < 3.4.2 - Missing Authorization to Category Deletion
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
CVE-2023-5419
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5411
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...