Lucene search

5230 matches found

NVD
added 2023/09/13 3:15 a.m. · 24 views

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00688
Exploits: 0 · References: 3

OSV
added 2023/09/13 3:15 a.m. · 2 views

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 8.8 · AI score 7.3 · EPSS 0.00688
Exploits: 0 · References: 3

Prion
added 2023/09/13 3:15 a.m. · 21 views

Design/Logic Flaw

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 6.5 · AI score 8.6 · EPSS 0.00688
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/09/13 2:54 a.m. · 33 views

CVE-2023-4153 BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 8.8 · AI score 8.7 · EPSS 0.00688
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/13 12:0 a.m. · 4 views

PT-2023-31236 · WordPress · Woocommerce Clover Payment Gateway

Name of the Vulnerable Software and Affected Versions: WooCommerce CVR Payment Gateway plugin for WordPress versions up to 6.1.0 Description: The issue allows unauthorized modification of data due to a missing capability check on the refresh order cvr data AJAX action. This makes it possible for...

CVSS 4.3 · AI score 5.2 · EPSS 0.00321
Exploits: 0 · References: 6

Positive Technologies
added 2023/09/09 12:0 a.m. · 8 views

PT-2023-19633 · WordPress · Userpro

Name of the Vulnerable Software and Affected Versions: UserPro plugin for WordPress versions up to and including 5.1.4 Description: The issue allows unauthorized access to data due to a missing capability check on the userpro shortcode template function. This enables unauthenticated attackers to...

CVSS 6.5 · AI score 7.6 · EPSS 0.00903
Exploits: 2 · References: 10

OSV
added 2023/09/07 2:15 a.m. · 3 views

CVE-2023-4792

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00406
Exploits: 0 · References: 3

Prion
added 2023/09/07 2:15 a.m. · 18 views

Design/Logic Flaw

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVSS 4 · AI score 4.5 · EPSS 0.00406
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/07 1:52 a.m. · 8 views

CVE-2023-4792 Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with...

CVSS 4.3 · AI score 6.6 · EPSS 0.00406
Exploits: 0 · References: 3

WPVulnDB
added 2023/09/07 12:0 a.m. · 14 views

Duplicate Post Page Menu & Custom Post Type < 2.4.0 - Subscriber+ Post Duplication

Description: The plugin is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicateppmcpostasdraft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts...

CVSS 4.3 · AI score 6.1 · EPSS 0.00406
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2023/09/06 12:0 a.m. · 49 views

Ubuntu 20.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6349-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6349-1 advisory. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically...

CVSS 10 · AI score 7.9 · EPSS 0.03546
Exploits: 2 · References: 10

GithubExploit
added 2023/09/05 12:32 p.m. · 817 views

Exploit for CVE-2023-3124

CVE-2023-3124 CVE-2023-3124 Proof of Concept This is a proof...

CVSS 8.8 · AI score 8.5 · EPSS 0.2272
Exploits: 2

RedHat Linux
added 2023/09/05 9:11 a.m. · 8 views

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

CVSS 6.8 · AI score 6.8 · EPSS 0.0147
Exploits: 2 · References: 5

RedHat Linux
added 2023/09/05 9:2 a.m. · 11 views

Kernel: bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

CVSS 6.8 · AI score 6.8 · EPSS 0.0147
Exploits: 2 · References: 5

OSV
added 2023/08/31 6:15 a.m. · 5 views

CVE-2023-4245

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...

CVSS 4.3 · AI score 7.4 · EPSS 0.00432
Exploits: 0 · References: 3

NVD
added 2023/08/31 6:15 a.m. · 18 views

CVE-2023-4245

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the...

CVSS 4.3 · AI score 4.5 · EPSS 0.00432
Exploits: 0 · References: 3

ATTACKERKB
added 2023/08/31 6:15 a.m. · 3 views

CVE-2023-2353

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chpabdaction function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level attackers to change or reset plugin...

CVSS 5.4 · AI score 6.6 · EPSS 0.00515
Exploits: 0 · References: 5

ATTACKERKB
added 2023/08/31 6:15 a.m. · 3 views

CVE-2023-2174

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 5.9 · EPSS 0.00324
Exploits: 0 · References: 3

OSV
added 2023/08/31 6:15 a.m. · 1 view

CVE-2023-2174

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 7.3 · EPSS 0.00324
Exploits: 0 · References: 2

NVD
added 2023/08/31 6:15 a.m. · 14 views

CVE-2023-2174

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

CVSS 4.3 · AI score 4.3 · EPSS 0.00324
Exploits: 0 · References: 2