Lucene search
K

4 matches found

Cvelist
Cvelist
added 2024/12/12 5:24 a.m.257 views

CVE-2024-12172 WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Update

The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpcupdateusermetaoption function in all versions up to, and including, 3.2.21. This makes it...

7.5CVSS0.00747EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/10 12:40 p.m.24 views

CVE-2023-1597 tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves ...

9AI score0.00492EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.36 views

tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

The plugin does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. PoC To set the us...

8.8CVSS9.2AI score0.00492EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:41 a.m.22 views

CVE-2021-24859 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access

The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data extrafiltration, including password hashes...

5AI score0.00783EPSS
Exploits2References1
Rows per page
Query Builder