6 matches found
CVE-2025-2719 Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2.8 - 1.4.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Swatchly – WooCommerce Variation Swatches for Products product attributes: Image swatch, Color swatches, Label swatches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in versions 1.2.8 to 1.4.0. This makes ...
CVE-2024-4875
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...
PT-2024-31719 · Unknown +1 · Woocommerce +1
Name of the Vulnerable Software and Affected Versions: ShopLentor plugin for WordPress versions up to, and including, 2.8.8 Description: The issue is related to a missing capability check on the ajax dismiss function, which allows authenticated attackers with contributor-level access and above to...
PT-2024-33201 · WordPress · Ht Mega – Absolute Addons For Elementor
Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.5.2 Description: The issue is related to a missing capability check on the ajax dismiss function, allowing authenticated attackers with...
WordPress Plugin ShopLentor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
ShopLentor < 2.8.9 - Authenticated Option Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...