5230 matches found
CVE-2023-2557
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2557
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2557
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2556
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...
CVE-2023-2556
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...
CVE-2023-2555
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2414
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-2275
The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...
CVE-2023-2189
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVE-2023-2189
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVE-2023-2189
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...
CVE-2023-2086
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...
CVE-2023-2086
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...
CVE-2023-2085
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...
CVE-2023-2083
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...
CVE-2023-2084
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...
CVE-2023-2083
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...
CVE-2023-2066
The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...
Design/Logic Flaw
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...