Lucene search
+L

1352 matches found

prion
prion
added 2023/07/12 5:15 a.m.17 views

Design/Logic Flaw

The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...

4CVSS4.5AI score0.00409EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/07/12 4:38 a.m.22 views

CVE-2023-2561 Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove

The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...

4.3CVSS4.7AI score0.00409EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/07/12 4:38 a.m.13 views

CVE-2023-2561 Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove

The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...

4.3CVSS6.6AI score0.00409EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/07/12 4:38 a.m.10 views

CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

4.3CVSS6.7AI score0.00503EPSS
Exploits0References3
cvelist
cvelist
added 2023/07/12 4:38 a.m.27 views

CVE-2023-2562 Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refreshmetabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post...

4.3CVSS4.7AI score0.00458EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2023/06/29 12:0 a.m.18 views

User Registration < 3.0.2 - Subscriber+ PHP Object Injection

The plugin does not properly sanitize the 'profile-pic-url' parameter, leading to a potential PHP Object Injection. This vulnerability stems from the deserialization of untrusted input, potentially enabling a malicious user with subscriber-level permissions to inject a PHP Object. The issue may...

8.8CVSS6.9AI score0.01126EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/06/13 1:48 a.m.18 views

CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

6.5CVSS6.7AI score0.0064EPSS
Exploits1References6
nvd
nvd
added 2023/06/09 1:15 p.m.32 views

CVE-2023-2261

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4.3CVSS4.3AI score0.00552EPSS
Exploits0References3
prion
prion
added 2023/06/09 1:15 p.m.22 views

Authorization

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handleajaxcall function in versions up to, and including, 4.5.0. This makes it possible for authenticated attackers, with subscriber-level access or higher, to obtain a list of...

4CVSS4.4AI score0.00552EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2023/06/09 6:16 a.m.11 views

CVE-2023-2557

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS4.4AI score0.00409EPSS
Exploits0References2
attackerkb
attackerkb
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2557

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.8AI score0.00409EPSS
Exploits0References3
nvd
nvd
added 2023/06/09 6:16 a.m.25 views

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

4.3CVSS4.3AI score0.00595EPSS
Exploits1References3
attackerkb
attackerkb
added 2023/06/09 6:16 a.m.4 views

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00595EPSS
Exploits1References3
nvd
nvd
added 2023/06/09 6:16 a.m.26 views

CVE-2023-2085

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...

4.3CVSS4.3AI score0.00607EPSS
Exploits0References3
attackerkb
attackerkb
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2086

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

4.3CVSS6.7AI score0.00572EPSS
Exploits0References4
nvd
nvd
added 2023/06/09 6:16 a.m.30 views

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS4.3AI score0.00513EPSS
Exploits0References2
prion
prion
added 2023/06/09 6:16 a.m.16 views

Design/Logic Flaw

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level...

4CVSS4.5AI score0.00409EPSS
Exploits0References2Affected Software1
prion
prion
added 2023/06/09 6:16 a.m.16 views

Design/Logic Flaw

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4CVSS4.5AI score0.00508EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/06/09 6:16 a.m.13 views

Design/Logic Flaw

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...

4CVSS4.5AI score0.00434EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2023/06/09 6:15 a.m.41 views

CVE-2023-1910

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the getremotetemplates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level...

4.3CVSS4.2AI score0.00515EPSS
Exploits2References3
Rows per page
Query Builder