96 matches found
PT-2024-37846 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables...
PT-2024-37847 · WordPress · Social Auto Poster
Name of the Vulnerable Software and Affected Versions: The Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on multiple functions. This allows unauthenticated...
CVE-2024-6175
The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...
PT-2024-37434 · WordPress · Booking Ultra Pro Appointments Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress versions up to, and including, 1.1.13 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify and delete multiple...
CVE-2024-5596
The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...
CVE-2024-4222
CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...
PT-2024-29795 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions prior to 2.7.1 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables unauthenticated attackers to ad...
CVE-2024-0790
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
Cross site request forgery (csrf)
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
CVE-2024-0790 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
CVE-2024-0790 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...
SpeedyCache < 1.1.4 - Missing Authorization to Plugin Options Update
Description The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycachesavevarniship, speedycacheimgupdatesettings, speedycachepreloadingaddsettings, and speedycachepreloadingdeleteresource functions in all versions ...
UserPro < 5.1.2 - Cross-Site Request Forgery via multiple functions
Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta an...
CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
CVE-2023-6008
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...
CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
Design/Logic Flaw
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
Cross site request forgery (csrf)
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...
CVE-2023-6008 UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...
CVE-2023-1028
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...