Lucene search
+L

1352 matches found

prion
prion
added 2023/02/07 10:15 p.m.21 views

Authorization

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4CVSS4.4AI score0.00576EPSS
Exploits0References3Affected Software1
vulncheck_kev
vulncheck_kev
added 2023/02/03 12:0 a.m.11 views

VulnCheck KEV: CVE-2022-4701

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

8.8CVSS7.2AI score0.00754EPSS
Exploits1References1
prion
prion
added 2023/02/01 8:15 p.m.23 views

Authorization

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image...

4CVSS6.2AI score0.00677EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2023/01/27 9:15 p.m.4 views

CVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

7.6CVSS6.2AI score0.00602EPSS
Exploits1References4
nvd
nvd
added 2023/01/27 9:15 p.m.29 views

CVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

8.1CVSS7.3AI score0.00602EPSS
Exploits1References5
cvelist
cvelist
added 2023/01/27 8:31 p.m.41 views

CVE-2023-0555 Quick Restaurant Menu <= 2.0.2 - Missing Authorization

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

8.1CVSS7.5AI score0.00602EPSS
Exploits1References4
osv
osv
added 2023/01/23 5:15 p.m.4 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4.3CVSS5.8AI score0.00591EPSS
Exploits0References3
nvd
nvd
added 2023/01/23 5:15 p.m.23 views

CVE-2023-0447

The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clearallcache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear t...

4.3CVSS4.3AI score0.00591EPSS
Exploits0References4
nvd
nvd
added 2023/01/19 3:15 p.m.22 views

CVE-2023-0402

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

5.4CVSS5.2AI score0.00765EPSS
Exploits1References4
prion
prion
added 2023/01/19 3:15 p.m.19 views

Authorization

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

5.5CVSS5.2AI score0.00518EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/01/19 2:25 p.m.28 views

CVE-2023-0404 Events Made Easy <= 2.3.16 - Missing Authorization

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

5.4CVSS5.5AI score0.00518EPSS
Exploits0References2
osv
osv
added 2023/01/10 5:15 p.m.5 views

CVE-2022-4704

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprimporttemplateskit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site...

8.1CVSS5.6AI score0.00792EPSS
Exploits1References3
osv
osv
added 2023/01/10 5:15 p.m.3 views

CVE-2022-4701

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

8.8CVSS5.8AI score0.00754EPSS
Exploits1References3
osv
osv
added 2023/01/10 5:15 p.m.4 views

CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on...

6.5CVSS5.6AI score0.00798EPSS
Exploits1References3
attackerkb
attackerkb
added 2023/01/10 5:15 p.m.3 views

CVE-2022-4703

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprresetpreviousimport' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported da...

8.1CVSS7.2AI score0.00945EPSS
Exploits1References4
osv
osv
added 2023/01/10 5:15 p.m.4 views

CVE-2022-4703

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprresetpreviousimport' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported da...

8.1CVSS5.8AI score0.00945EPSS
Exploits1References3
nvd
nvd
added 2023/01/10 5:15 p.m.39 views

CVE-2022-4700

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

8.8CVSS6.1AI score0.00818EPSS
Exploits1References4
prion
prion
added 2023/01/10 5:15 p.m.27 views

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

6.5CVSS8.5AI score0.00754EPSS
Exploits1References3Affected Software1
prion
prion
added 2023/01/10 5:15 p.m.23 views

Improper access control

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprsavemegamenusettings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu...

4CVSS4.5AI score0.00688EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2023/01/10 4:55 p.m.36 views

CVE-2022-4701 Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredplugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

4.3CVSS8.8AI score0.00754EPSS
Exploits1References3
Rows per page
Query Builder