Design/Logic Flaw
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'eventsreceiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
kernel security and bug fix update
5.14.0-284.18.12 - cifs: fix wrong unlock before return from cifstreeconnect - docs: Remove the unnecessary unicode character - perf vendor events intel: Refresh ivytown metrics and events - perf vendor events: Update Intel ivytown - perf vendor events intel: Refresh jaketown metrics and events -...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2023-3713
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-3403
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
Design/Logic Flaw
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmuploadcsv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import...
Design/Logic Flaw
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, includin...
Privilege escalation
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permission...
CVE-2023-3714
CVE-2023-3714 – ProfileGrid (WordPress): The vulnerability stems from a missing capability check on the 'edit_group' handler, enabling authenticated attackers with group ownership to modify group options (e.g., the 'associate_role'). Affected versions are up to 5.5.2. The issue was partially pat...
CVE-2023-3713
CVE-2023-3713 affects ProfileGrid – User Profiles, Memberships, Groups and Communities (WordPress). Up to version 5.5.1, a missing capability check in profile_magic_check_smtp_connection allows authenticated users with subscriber-level+ privileges to arbitrarily modify site options, enabling priv...
CVE-2023-3459 Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hfupdatecustomer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated...
PT-2023-25800 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.2 Description: The issue is related to a missing capability check on the 'edit group' handler, allowing authenticated attackers with group ownership to update group options,...
PT-2023-24645 · WordPress · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.1 Description: The issue allows authenticated attackers with subscriber-level permissions or above to import new users and update existing users due to a missing capability...
Export and Import Users and Customers < 2.4.2 - Shop Manager+ Privilege Escalation
The plugin does not correctly implement a capability check on the 'hfupdatecustomer' function, which is triggered via an AJAX action. This omission allows users with shop manager-level permissions to modify data they should not have access to, such as changing user passwords and potentially gaini...
CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...
CVE-2023-2869
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...