637 matches found
WordPress plugin tencentcloud-cos security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-9705 Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsmupdatetemplatenamelite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...
WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions vulnerability
Missing Authorization to Authenticated Subscriber+ Filter Updates/Deletions vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Message Filter for Contact Form 7 versions <= 1.6.3...
PT-2024-9180 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.51866 Description: The issue is related to the absence of an authorization procedure when handling a query parameter, allowing an unauthenticated database backup download. This could enable a remote...
WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Meta Key Enumeration vulnerability
Missing Authorization to Authenticated Subscriber+ User Meta Key Enumeration vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin WP User Manager versions <= 2.9.11...
WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability
Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability discovered by BrokenAC ignore in WordPress Plugin WP User Manager versions <= 2.9.11...
WordPress My Contador lesr plugin <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export vulnerability
Missing Authorization to Unauthenticated User Registration CSV Export vulnerability discovered by SOPROBRO in WordPress Plugin My Contador lesr versions <= 2.0...
WordPress Ultimate YouTube Video & Shorts Player With Vimeo plugin <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Playlist/Video Deletion vulnerability discovered by Mika in WordPress Plugin Ultimate YouTube Video & Shorts Player With Vimeo versions <= 3.3...
PT-2024-30349 · Unknown · Masteriyo - Lms
Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For Masteriyo - LMS versions 1.11....
WordPress Webba Booking plugin <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ CSS Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin Webba Booking versions <= 5.0.48...
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
WordPress Amelia plugin <= 1.2.4 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by Nadim Zubidat in WordPress Plugin Amelia versions <= 1.2.4...
WordPress Form Vibes – Database Manager for Forms plugin <= 1.4.12 - Missing Authorization in Multiple Functions vulnerability
Missing Authorization in Multiple Functions vulnerability discovered by Peter Thaleikis in WordPress Plugin Form Vibes – Database Manager for Forms versions <= 1.4.12...
WordPress plugin Get Better Reviews for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Cost Calculator Builder plugin <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Content Creation vulnerability discovered by Lucio Sá in WordPress Plugin Cost Calculator Builder versions <= 3.2.12...
UBUNTU-CVE-2024-6375
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, pri...
CVE-2023-3204 Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companiondisablepopup function called via an AJAX action. This makes it possible for authenticated attackers, with...
CVE-2023-48760
Missing Authorization vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor: from n/a through 2.6.13...
WordPress plugin JetElements For Elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...
WordPress LatePoint Plugin plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR vulnerability
Missing Authorization and Sensitive Information Exposure via IDOR vulnerability discovered by Gharib Sharifi - WaveSec, Joel Aviad Ossi in WordPress Plugin LatePoint versions <= 4.9.9...