Lucene search
K

221 matches found

RedhatCVE
RedhatCVE
added 2025/03/31 7:36 a.m.22 views

CVE-2025-2266

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated...

9.8CVSS7.7AI score0.00678EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/03/28 9:55 p.m.5 views

WordPress Administrator Z plugin <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Administrator Z versions = 2025.03.24...

8.8CVSS7AI score0.00334EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/28 11:13 a.m.5 views

CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...

8.8CVSS7.4AI score0.00334EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/18 9:31 p.m.6 views

WordPress Altair theme <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current vulnerability

Unauthenticated Arbitrary Options Update via ppimportcurrent vulnerability discovered by Tonn in WordPress Theme Altair versions = 5.2.4...

9.8CVSS8.9AI score0.00478EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:29 p.m.5 views

WordPress LoginPress plugin <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin LoginPress versions = 3.3.1...

7.5CVSS8.8AI score0.00203EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:28 p.m.5 views

WordPress Industrial theme <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Theme Industrial versions = 1.7.8...

8.8CVSS8.9AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/13 5:22 p.m.8 views

WordPress SoundRise Music plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin SoundRise Music versions = 1.6.11...

8.8CVSS8.9AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/03/06 10:19 p.m.4 views

WordPress UiPress lite plugin <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by vgo0 in WordPress Plugin UiPress lite versions = 3.5.04...

8.8CVSS7AI score0.00429EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/28 9:15 a.m.8 views

CVE-2024-9195

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8CVSS0.00378EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:23 a.m.94 views

CVE-2024-9195

CVE-2024-9195 affects the WordPress plugin WHMPress — WHMCS Client Area (for WordPress) and is caused by a missing capability check on the update_settings operation in the file /admin/ajax.php . It allows authenticated attackers with Subscriber+ privileges to modify arbitrary options, potentially...

8.8CVSS8.8AI score0.00378EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/28 8:23 a.m.8 views

CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update

The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...

8.8CVSS8.8AI score0.00378EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 8:23 a.m.108 views

CVE-2024-9193

Summary: CVE-2024-9193 affects the WordPress WHMpress plugin (versions

9.8CVSS9.9AI score0.03111EPSS
In wildExploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:40 p.m.3 views

WordPress WHMPress - WHMCS Client Area plugin <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability

WordPress WHMPress - WHMCS Client Area plugin = 4.3-revision-3 - Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMCS Client Area for WordPress by WHMpress versions = 4.3-revision-3...

8.8CVSS7AI score0.00378EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/27 11:38 p.m.5 views

WordPress WHMpress plugin <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability

Unauthenticated Local File Inclusion to Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin WHMpress versions = 6.3-revision-0...

9.8CVSS7AI score0.03111EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 9:22 a.m.7 views

CVE-2024-12296 Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, wit...

8.8CVSS8.7AI score0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/12 9:22 a.m.29 views

CVE-2024-12296 Apus Framework <= 2.4 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'importpageoptions' function in all versions up to, and including, 2.4. This makes it possible for authenticated attackers, wit...

8.8CVSS0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/12 4:22 a.m.22 views

CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...

8.8CVSS0.0048EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/11 10:37 p.m.4 views

WordPress Apus Framework plugin <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options vulnerability

Authenticated Subscriber+ Arbitrary Options Update in importpageoptions vulnerability discovered by Tonn in WordPress Plugin Apus Framework versions = 2.3...

8.8CVSS7AI score0.0048EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/11 10:18 p.m.5 views

WordPress ConvertPlus plugin <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Lucio Sá in WordPress Plugin ConvertPlus versions = 3.5.30...

8.1CVSS7AI score0.00434EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2025/02/11 10:13 p.m.6 views

WordPress ZoxPress theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Theme ZoxPress versions = 2.12.0...

8.8CVSS7AI score0.0048EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder