4966 matches found

CVE
added 2024/12/18 3:22 a.m. · 99 views

CVE-2024-12025

The WordPress Collapsing Categories plugin (versions

CVSS 7.5 · AI score 7.7 · EPSS 0.02542
In wild · Exploits 1 · References 2

NVD
added 2024/12/17 6:15 p.m. · 43 views

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVSS 3.1 · EPSS 0.00252
Exploits 0 · References 1

Vulnrichment
added 2024/12/17 5:28 p.m. · 9 views

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVSS 3.1 · AI score 7.2 · EPSS 0.00252
Exploits 0 · References 1

Cvelist
added 2024/12/17 5:28 p.m. · 53 views

CVE-2024-42194 HCL BigFix Inventory is affected by an access control vulnerability

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVSS 3.1 · EPSS 0.00252
Exploits 0 · References 1

CVE
added 2024/12/17 5:28 p.m. · 116 views

CVE-2024-42194

CVE-2024-42194 affects HCL BigFix Inventory: an access-control vulnerability arising from improper handling of permissions allows a read-only account to modify certain configuration parameters via a crafted REST API call. The available documents confirm the affected product and the underlying iss...

CVSS 3.1 · AI score 4.1 · EPSS 0.00252
Exploits 0 · References 1

NVD
added 2024/12/16 6:15 a.m. · 29 views

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVSS 5.3 · EPSS 0.01071
Exploits 1 · References 1

OSV
added 2024/12/16 6:15 a.m. · 9 views

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVSS 5.3 · AI score 7.3 · EPSS 0.01071
Exploits 1 · References 1

Cvelist
added 2024/12/16 6:0 a.m. · 39 views

CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

EPSS 0.01071
Exploits 1 · References 1

Vulnrichment
added 2024/12/16 6:0 a.m. · 13 views

CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

AI score 6.8 · EPSS 0.01071
Exploits 1 · References 1

CVE
added 2024/12/16 6:0 a.m. · 113 views

CVE-2024-5333

The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...

CVSS 5.3 · AI score 6.5 · EPSS 0.01071
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2024/12/16 12:0 a.m. · 4 views

PT-2024-35723

Name of the Vulnerable Software and Affected Versions: The Events Calendar WordPress plugin versions prior to 6.8.2.1 Description: The issue is related to missing access checks in the REST API, allowing unauthenticated users to access information about password-protected events. Recommendations: For...

CVSS 5.3 · AI score 7.3 · EPSS 0.01071
Exploits 1 · References 10

NVD
added 2024/12/14 5:15 a.m. · 22 views

CVE-2024-11095

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4 · EPSS 0.00287
Exploits 0 · References 2

Cvelist
added 2024/12/14 4:23 a.m. · 19 views

CVE-2024-11095 Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4 · EPSS 0.00287
Exploits 0 · References 2

Vulnrichment
added 2024/12/14 4:23 a.m. · 9 views

CVE-2024-11095 Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVSS 6.4 · AI score 5.8 · EPSS 0.00287
Exploits 0 · References 2

Positive Technologies
added 2024/12/14 12:0 a.m. · 6 views

PT-2024-16756 · WordPress · Visualmodo Elements

Name of the Vulnerable Software and Affected Versions: Visualmodo Elements plugin for WordPress versions up to, and including, 1.0.2 Description: The issue is related to Stored Cross-Site Scripting via REST API SVG File uploads due to insufficient input sanitization and output escaping. This allo...

CVSS 6.4 · AI score 6.3 · EPSS 0.00287
Exploits 0 · References 5

NVD
added 2024/12/13 9:15 a.m. · 23 views

CVE-2024-11275

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes...

CVSS 4.3 · EPSS 0.00321
Exploits 0 · References 3

CVE
added 2024/12/13 8:24 a.m. · 93 views

CVE-2024-11275

CVE-2024-11275 affects the WP Timetics WordPress plugin (versions up to 1.0.27). It allows authenticated Timetics Customer or higher to delete arbitrary users due to a missing capability check on the /wp-json/timetics/v1/customers/ REST endpoint, enabling unauthorized data loss. Wordfence notes t...

CVSS 4.3 · AI score 4.4 · EPSS 0.00321
Exploits 0 · References 3

NVD
added 2024/12/12 6:15 a.m. · 18 views

CVE-2024-12265

The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attacker...

CVSS 5.3 · EPSS 0.00422
Exploits 0 · References 2

Vulnrichment
added 2024/12/12 5:24 a.m. · 6 views

CVE-2024-12265 Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure

The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attacker...

CVSS 5.3 · AI score 6.8 · EPSS 0.00422
Exploits 0 · References 2

CVE
added 2024/12/12 5:24 a.m. · 86 views

CVE-2024-12265

CVE-2024-12265 affects the Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress up to version 2.12.17. The issue is a missing capability check on the REST endpoint /wp-json/depay/wc/debug, allowing unauthenticated access to debug information (information exposure). Connected documen...

CVSS 5.3 · AI score 6.8 · EPSS 0.00422
Exploits 0 · References 2