5230 matches found

Vulnrichment
added 2023/08/17 6:43 a.m. · 17 views

CVE-2023-3244 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

CVSS 4.3 · AI score 6.4 · EPSS 0.00787
Exploits: 4 · References: 4
Cvelist
added 2023/08/17 6:43 a.m. · 43 views

CVE-2023-3244 Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

CVSS 4.3 · AI score 5.2 · EPSS 0.00787
Exploits: 4 · References: 4
CVE
added 2023/08/17 6:43 a.m. · 54 views

CVE-2023-3244

CVE-2023-3244 — WordPress Comments Like Dislike vulnerability: The plugin (versions up to and including 1.1.9) exposes an unauthorized modification flaw via an AJAX action in restore_settings, due to a missing capability check. Authenticated users with minimal permissions (e.g., subscriber) can ...

CVSS 4.3 · AI score 6.4 · EPSS 0.00787
Exploits: 4 · References: 4 · Affected Software: 1
OSV
added 2023/08/16 5:15 a.m. · 3 views

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 · AI score 5.8 · EPSS 0.00533
Exploits: 0 · References: 3
NVD
added 2023/08/16 5:15 a.m. · 10 views

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 · AI score 4.3 · EPSS 0.00533
Exploits: 0 · References: 3
Prion
added 2023/08/16 5:15 a.m. · 13 views

Design/Logic Flaw

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4 · AI score 4.6 · EPSS 0.00533
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/08/16 4:36 a.m. · 17 views

CVE-2023-4374 WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 · AI score 4.7 · EPSS 0.00533
Exploits: 0 · References: 3
Vulnrichment
added 2023/08/16 4:36 a.m. · 2 views

CVE-2023-4374 WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVSS 4.3 · AI score 6.7 · EPSS 0.00533
Exploits: 0 · References: 3
CVE
added 2023/08/16 4:36 a.m. · 42 views

CVE-2023-4374

CVE-2023-4374 – WP Remote Users Sync (WordPress) vulnerability affecting versions up to 1.2.11 due to a missing capability check in the refresh_logs_async function. This permits authenticated users with subscriber privileges or higher to view logs and potentially add data. Impact is information d...

CVSS 4.3 · AI score 4.6 · EPSS 0.00533
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/08/10 12:15 p.m. · 2 views

CVE-2023-4282

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

CVSS 4.3 · AI score 5.8 · EPSS 0.00419
Exploits: 0 · References: 4
Vulnrichment
added 2023/08/10 11:5 a.m. · 8 views

CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

CVSS 5.4 · AI score 6.6 · EPSS 0.00419
Exploits: 0 · References: 4
Cvelist
added 2023/08/10 11:5 a.m. · 27 views

CVE-2023-4282 EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or...

CVSS 5.4 · AI score 5.4 · EPSS 0.00419
Exploits: 0 · References: 4
Tenable Nessus
added 2023/08/01 12:0 a.m. · 30 views

SUSE SLES15 Security Update : kernel (Live Patch 33 for SLE 15 SP1) (SUSE-SU-2023:3046-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3046-1 advisory. - A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel...

CVSS 6.8 · AI score 6.8 · EPSS 0.0147
Exploits: 2 · References: 7
Positive Technologies
added 2023/07/31 12:0 a.m. · 4 views

PT-2023-27345 · WordPress · Radio Player

Name of the Vulnerable Software and Affected Versions: Radio Player plugin for WordPress versions up to, and including, 2.0.73. Description: The issue is related to a missing capability check on the delete player function, allowing unauthenticated attackers to modify data by deleting player...

CVSS 5.3 · AI score 7 · EPSS 0.00411
Exploits: 0 · References: 11
NVD
added 2023/07/28 5:15 a.m. · 24 views

CVE-2023-0958

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for authenticated attackers with...

CVSS 6.5 · AI score 4.8 · EPSS 0.00557
Exploits: 0 · References: 23
ATTACKERKB
added 2023/07/28 5:15 a.m. · 8 views

CVE-2023-0958

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for authenticated attackers with...

CVSS 6.5 · AI score 6.8 · EPSS 0.00557
Exploits: 0 · References: 24
Cvelist
added 2023/07/28 4:37 a.m. · 29 views

CVE-2023-0958 Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for authenticated attackers with...

CVSS 4.3 · AI score 6.4 · EPSS 0.00557
Exploits: 0 · References: 23
Positive Technologies
added 2023/07/28 12:0 a.m. · 2 views

PT-2023-16642 · WordPress · Inisev

Name of the Vulnerable Software and Affected Versions: Inisev WordPress plugins, affected versions not specified. Description: The issue allows authenticated attackers with minimal permissions to install select plugins due to a missing capability check on the handle installation function. This...

CVSS 6.5 · AI score 9.3 · EPSS 0.00557
Exploits: 0 · References: 30
OSV
added 2023/07/27 7:15 a.m. · 1 views

CVE-2023-3956

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'eventsreceiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 3
NVD
added 2023/07/27 7:15 a.m. · 12 views

CVE-2023-3956

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'eventsreceiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...

CVSS 9.8 · AI score 9.3 · EPSS 0.00758
Exploits: 0 · References: 3