
5230 matches found

Positive Technologies
added 2023/06/09 12:0 a.m. · 3 views

PT-2023-16940 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions up to, and including, 1.1.2
Description: The issue allows authenticated attackers with subscriber-level permissions and above to delete the site's cache due to a missing capability check in the deleteCacheToolbar...

CVSS 4.3 · AI score 4.4 · EPSS 0.00534
Exploits: 0 · References: 5

NVD
added 2023/06/07 1:15 p.m. · 13 views

CVE-2021-4379

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...

CVSS 6.5 · AI score 6.2 · EPSS 0.00802
Exploits: 3 · References: 3

NVD
added 2023/06/07 1:15 p.m. · 25 views

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 8.8 · AI score 8.4 · EPSS 0.01285
Exploits: 1 · References: 3

Prion
added 2023/06/07 1:15 p.m. · 17 views

Authorization

The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, ...

CVSS 4 · AI score 6.2 · EPSS 0.00802
Exploits: 3 · References: 3 · Affected Software: 1

CVE
added 2023/06/07 12:43 p.m. · 42 views

CVE-2021-4379

The CVE-2021-4379 issue affects the WordPress plugin WooCommerce Multi Currency. A missing capability check in the function wmc_bulk_fixed_price (versions up to and including 2.1.17) allows an authenticated attacker with subscriber-level permissions or higher to change product prices, representi...

CVSS 6.5 · AI score 6.2 · EPSS 0.00802
Exploits: 3 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/06/07 12:43 p.m. · 11 views

CVE-2021-4337 Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

CVSS 8.8 · AI score 7.2 · EPSS 0.01285
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 1 view

CVE-2023-3125

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bkingsavepriceimport' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions...

CVSS 6.5 · AI score 7.3 · EPSS 0.0074
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2023-3126

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00693
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 37 views

CVE-2023-3125

The B2BKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'b2bkingsavepriceimport' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions...

CVSS 6.5 · AI score 6.2 · EPSS 0.0074
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 17 views

CVE-2023-3126

The B2BKing plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'b2bkingdownloadpricelist' function in versions up to, and including, 4.6.00. This makes it possible for Authenticated attackers with subscriber or customer-level permissions to...

CVSS 4.3 · AI score 4.3 · EPSS 0.00693
Exploits: 1 · References: 3

ATTACKERKB
added 2023/06/07 2:15 a.m. · 1 view

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

CVSS 4.3 · AI score 5.9 · EPSS 0.00535
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 29 views

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the updatepageoption function in versions up to, and including, 3.11.6. This makes it possible for authenticated attackers with subscriber-level capabilities to update...

CVSS 8.8 · AI score 8.4 · EPSS 0.2272
Exploits: 2 · References: 2

NVD
added 2023/06/07 2:15 a.m. · 24 views

CVE-2021-4375

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

CVSS 4.3 · AI score 4.3 · EPSS 0.0061
Exploits: 1 · References: 2

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2021-4375

The Welcart e-Commerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the uscesdownloadsysteminformation function in versions up to, and including, 2.2.7. This makes it possible for authenticated attackers to download information including WordPres...

CVSS 4.3 · AI score 5.8 · EPSS 0.0061
Exploits: 1 · References: 2

OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2021-4364

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchaddjobimportschedulecall function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to add and/or modify schedule calls...

CVSS 4.3 · AI score 5.8 · EPSS 0.00705
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 1 view

CVE-2021-4362

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwisocialsharegetoption function called via the kiwisocialsharegetoption AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify...

CVSS 9.8 · AI score 5.7 · EPSS 0.01417
Exploits: 1 · References: 3

ATTACKERKB
added 2023/06/07 2:15 a.m. · 3 views

CVE-2021-4362

The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the kiwisocialsharegetoption function called via the kiwisocialsharegetoption AJAX action in version 2.1.0. This makes it possible for unauthenticated attackers to read and modify...

CVSS 9.8 · AI score 7.7 · EPSS 0.01417
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2023/06/07 2:15 a.m. · 22 views

CVE-2021-4361

The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the jobsearchjobintegrationssettinsave AJAX action in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers to update arbitrary options on...

CVSS 8.8 · AI score 8.5 · EPSS 0.01206
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 18 views

CVE-2021-4366

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...

CVSS 6.3 · AI score 6 · EPSS 0.00637
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 9 views

CVE-2021-4345

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

CVSS 6.5 · AI score 6.4 · EPSS 0.0073
Exploits: 1 · References: 3