CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5230 matches found

Positive Technologies•added 2023/11/22 12:0 a.m.•4 views

PT-2023-32083 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to create copies of arbitrary posts due to a missing capability check o...

4.3CVSS5.5AI score0.00395EPSS

Exploits0References4

Positive Technologies•added 2023/11/22 12:0 a.m.•3 views

PT-2023-32092 · WordPress · Funnelforms Free

Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to send test emails to an arbitrary email address due to a missing...

4.3CVSS5.5AI score0.00395EPSS

Exploits0References4

OSV•added 2023/11/07 11:15 a.m.•3 views

CVE-2023-5506

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmapdeleteareaajax' function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS7.4AI score0.00403EPSS

Exploits0References2

NVD•added 2023/11/07 11:15 a.m.•13 views

CVE-2023-5506

5.4CVSS0.00403EPSS

Exploits0References2

Prion•added 2023/11/07 11:15 a.m.•16 views

Design/Logic Flaw

4CVSS6.8AI score0.00403EPSS

Exploits0References2Affected Software1

CVE•added 2023/11/07 11:1 a.m.•44 views

CVE-2023-5506

CVE-2023-5506 concerns the WordPress ImageMapper plugin. Affected versions are

5.4CVSS4.7AI score0.00403EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/11/07 11:1 a.m.•26 views

CVE-2023-5506 ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax

5.4CVSS5.5AI score0.00403EPSS

Exploits0References2

WPVulnDB•added 2023/11/07 12:0 a.m.•18 views

wpDiscuz < 7.6.12 - Missing Authorization in AJAX Actions

Description The plugin is vulnerable to unauthorized use of functionality due to a missing capability check on functions corresponding to AJAX actions in versions up to, and including, 7.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to view user...

6.1AI score0.00393EPSS

Exploits0Affected Software1

NVD•added 2023/10/30 2:15 p.m.•24 views

CVE-2023-5251

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'gridplussavelayoutcallback' and 'gridplusdeletecallback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated...

5.4CVSS5.2AI score0.00473EPSS

Exploits0References4

Prion•added 2023/10/30 2:15 p.m.•19 views

Design/Logic Flaw

5.5CVSS5.4AI score0.00473EPSS

Exploits0References3Affected Software1

CVE•added 2023/10/30 1:49 p.m.•52 views

CVE-2023-5251

The CVE-2023-5251 entry concerns the Grid Plus WordPress plugin. The issue is a missing capability check in grid_plus_save_layout_callback and grid_plus_delete_callback, affecting versions up to and including 1.3.2. This allows authenticated users with subscriber privileges or higher to add, upda...

5.4CVSS6.6AI score0.00473EPSS

Exploits0References4Affected Software1

NVD•added 2023/10/28 12:15 p.m.•10 views

CVE-2023-5426

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

7.5CVSS7.4AI score0.00468EPSS

Exploits0References2

OSV•added 2023/10/28 12:15 p.m.•2 views

CVE-2023-5425

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00536EPSS

Exploits0References2

NVD•added 2023/10/28 12:15 p.m.•9 views

CVE-2023-5425

8.8CVSS8.6AI score0.00536EPSS

Exploits0References2

Prion•added 2023/10/28 12:15 p.m.•10 views

Design/Logic Flaw

5CVSS7.5AI score0.00468EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/10/28 11:6 a.m.•20 views

CVE-2023-5425 Post Meta Data Manager <=1.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

8.8CVSS8.7AI score0.00536EPSS

Exploits0References2

CVE•added 2023/10/28 11:6 a.m.•78 views

CVE-2023-5425

CVE-2023-5425 concerns the WordPress plugin Post Meta Data Manager (versions up to 1.2.0). The vulnerability is a missing capability check in functions pmdm_wp_change_user_meta and pmdm_wp_change_post_meta , enabling authenticated users with at least subscriber privileges to escalate to administr...

8.8CVSS8.4AI score0.00536EPSS

Exploits0References2Affected Software1

NVD•added 2023/10/25 6:17 p.m.•17 views

CVE-2023-5311

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the...

8.8CVSS8.7AI score0.01455EPSS

Exploits1References3

Prion•added 2023/10/25 6:17 p.m.•20 views

Remote code execution

6.5CVSS8.6AI score0.01455EPSS

Exploits1References3Affected Software1