5230 matches found
Information disclosure
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2021-4335
CVE-2021-4335 (Fancy Product Designer for WordPress) involves a broken access-control issue in versions up to 4.6.9 where multiple AJAX actions lack proper capability checks. This allows authenticated users with subscriber-level privileges to modify plugin settings, access arbitrary order informa...
CVE-2021-4335 Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Multiple AJAX Actions
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2023-4943 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsvisibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
PT-2023-15929 · Miniorange · Google Authenticator
Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator plugin for WordPress versions up to, and including, 5.6.5 Description: The issue is related to a missing capability check when changing plugin settings, which allows unauthenticated attackers to modify the...
PT-2023-31211 · WordPress · Bear
Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is due to a missing capability check on the woobe bulkoperations swap function, making it possible for authenticated attackers (subscriber or higher) to...
PT-2023-31235 · WordPress · Woocommerce Ean Payment Gateway
Name of the Vulnerable Software and Affected Versions: WooCommerce EAN Payment Gateway plugin for WordPress versions up to 6.1.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the refresh order ean data AJAX action. This allows...
CVE-2023-4938
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
Authorization
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
CVE-2023-4938 BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation
The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobebulkoperationsapplydefaultcombination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate...
PT-2023-31194 · WordPress · Bear
Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is related to Missing Authorization due to a missing capability check on the woobe bulkoperations apply default combination function. This allows authenticat...
Design/Logic Flaw
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-4469 Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-3213
The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...
PT-2023-32034 · Wp Extra · Wp Extra
Name of the Vulnerable Software and Affected Versions: WP EXtra versions up to, and including, 6.2 Description: The issue allows unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register function. This enables authenticated...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2023-4948
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
Design/Logic Flaw
The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordercvrdata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...