CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstu_get_metadata that...
CVE-2023-0556 ContentStudio <= 1.2.5 - Missing Authorization
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstu_get_metadata that...
CVE-2023-0556
The CVE-2023-0556 entry affects the ContentStudio WordPress plugin, with an authorization bypass due to missing capability checks in several functions through version 1.2.5. Unauthenticated attackers can retrieve blog metadata, including the contentstudio_token via cstu_get_metadata, enabling fur...
GSD-2023-1001219 fs: don't audit the capability check in simple_xattr_list()
fs: don't audit the capability check in simple_xattr_list() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
PT-2023-34296 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to the simple_xattr_list function in the Linux Kernel, where the capability check is not audited. This could potentially lead to security vulnerabilities, although the...
CVE-2023-0293
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...
CVE-2023-0293 Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to chan...
PT-2023-16148 · WordPress · Mediamatic – Media Library Folders
Name of the Vulnerable Software and Affected Versions: Mediamatic – Media Library Folders plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is related to a missing capability check on AJAX actions, allowing authenticated attackers with subscriber-level permissions a...
PT-2023-8309 · Hostinger · Hostinger Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Hostinger plugin for WordPress versions up to, and including, 1.9.7 Description: The issue is related to the public website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a...
CVE-2022-4555
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...
CVE-2022-4555
The CVE-2022-4555 issue affects the WP Shamsi WordPress plugin (
CVE-2022-4501
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501 Mega Addons For WPBakery Page Builder <= 4.3.0 - Authenticated (Subscriber+) Settings Update
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...
CVE-2022-4501
The CVE-2022-4501 entry concerns the Mega Addons plugin for WordPress, where an authorization bypass exists due to a missing capability check in the vc_saving_data function up to version 4.2.7. This allows authenticated users with subscriber-level permissions and above to update plugin settings. ...
PT-2022-27365 · WordPress · Mega Addons
Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc_saving_data function. This allows authenticated attackers with...
Authorization
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...