CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update

The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...

WordPress Premium Addons for Elementor plugin <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Content Deletion and Arbitrary Title Update vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.38...

CVE-2024-5858 Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update

The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcldopenaititlegeneratedesc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress Infographic Maker iList plugin <= 4.7.4 - Authenticated Arbitrary Title Update vulnerability

Authenticated Arbitrary Title Update vulnerability discovered by Lucio Sá in WordPress Plugin Infographic Maker – iList versions = 4.7.4...