
5258 matches found

NVD
added 2023/06/09 6:15 a.m., 22 views

CVE-2023-1375

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3 CVSS, 4.3 AI score, 0.00534 EPSS
Exploits 0, References 3
NVD
added 2023/06/09 6:15 a.m., 12 views

CVE-2023-1169

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4.3 CVSS, 4.4 AI score, 0.00573 EPSS
Exploits 0, References 3
NVD
added 2023/06/09 6:15 a.m., 25 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1 CVSS, 7.4 AI score, 0.02034 EPSS
Exploits 5, References 4
OSV
added 2023/06/09 6:15 a.m., 18 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1 CVSS, 7.1 AI score
Exploits 0, References 4
Prion
added 2023/06/09 6:15 a.m., 17 views

Authorization

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4 CVSS, 4.5 AI score, 0.00573 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2023/06/09 6:15 a.m., 17 views

Design/Logic Flaw

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...

5 CVSS, 5.1 AI score, 0.00629 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2023/06/09 6:15 a.m., 33 views

Design/Logic Flaw

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4 CVSS, 4.3 AI score, 0.00515 EPSS
Exploits 2, References 2, Affected Software 1
Prion
added 2023/06/09 6:15 a.m., 26 views

Design/Logic Flaw

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4 CVSS, 4.4 AI score, 0.00534 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/06/09 5:33 a.m., 33 views

CVE-2023-2083 Essential Blocks <= 4.0.6 - Missing Authorization via save

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4.3 CVSS, 4.7 AI score, 0.00567 EPSS
Exploits 0, References 3
Vulnrichment
added 2023/06/09 5:33 a.m., 14 views

CVE-2023-2083 Essential Blocks <= 4.0.6 - Missing Authorization via save

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4.3 CVSS, 6.6 AI score, 0.00567 EPSS
Exploits 0, References 3
CVE
added 2023/06/09 5:33 a.m., 54 views

CVE-2023-2083

CVE-2023-2083 affects the WordPress plugin “Essential Blocks” (versions up to 4.0.6). The root cause is a missing capability check on the save function, with a nonce check that only runs when a nonce is provided; without a nonce, nonce verification is skipped and no capability check occurs. This ...

4.3 CVSS, 4.3 AI score, 0.00567 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/06/09 5:33 a.m., 31 views

CVE-2023-2555 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3 CVSS, 4.6 AI score, 0.00434 EPSS
Exploits 0, References 2
Vulnrichment
added 2023/06/09 5:33 a.m., 8 views

CVE-2023-2555 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3 CVSS, 6.6 AI score, 0.00434 EPSS
Exploits 0, References 2
CVE
added 2023/06/09 5:33 a.m., 41 views

CVE-2023-2557

CVE-2023-2557 concerns the WPCS – WordPress Currency Switcher Professional plugin. The vulnerability is a missing capability check on the save function, allowing authenticated attackers with subscriber-level permissions or higher to modify an arbitrary custom drop-down currency switcher. Affected...

4.3 CVSS, 5.3 AI score, 0.00409 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2023/06/09 5:33 a.m., 38 views

CVE-2023-2066

CVE-2023-2066 affects the Announcement & Notification Banner – Bulletin WordPress plugin up to version 3.6.0. Root cause: missing capability/authorization checks in functions bulletinwp_update_bulletin_status, bulletinwp_update_bulletin, bulletinwp_update_settings, bulletinwp_update_status, bulle...

6.3 CVSS, 5.1 AI score, 0.00505 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2023/06/09 5:33 a.m., 9 views

CVE-2023-2066 Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status',...

6.3 CVSS, 6.6 AI score, 0.00505 EPSS
Exploits 0, References 3
Cvelist
added 2023/06/09 5:33 a.m., 26 views

CVE-2023-2066 Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwp_update_bulletin_status', 'bulletinwp_update_bulletin', 'bulletinwp_update_settings', 'bulletinwp_update_status',...

6.3 CVSS, 6.2 AI score, 0.00505 EPSS
Exploits 0, References 3
Cvelist
added 2023/06/09 5:33 a.m., 19 views

CVE-2023-2556 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...

4.3 CVSS, 4.8 AI score, 0.00434 EPSS
Exploits 0, References 2
Cvelist
added 2023/06/09 5:33 a.m., 23 views

CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'get_item', 'get_order_notes' and 'add_order_note' functions in versions up to, and including, 1.5.3. This makes it possibl...

4.3 CVSS, 5.4 AI score, 0.00466 EPSS
Exploits 0, References 5
CVE
added 2023/06/09 5:33 a.m., 49 views

CVE-2023-2275

The CVE-2023-2275 entry concerns the WooCommerce Multivendor Marketplace – REST API plugin for WordPress. It describes a vulnerability caused by missing capability checks in get_item, get_order_notes, and add_order_note, affecting versions up to 1.5.3. The impact stated across connected sources i...

5.4 CVSS, 5.1 AI score, 0.00466 EPSS
Exploits 0, References 5, Affected Software 1