Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 8:22 a.m.18 views

CVE-2024-1175

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

5.3CVSS6.8AI score0.00393EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/06 3:53 a.m.39 views

CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

5.3CVSS5.2AI score0.00393EPSS
Exploits0References3
cve
cve
added 2024/06/06 3:53 a.m.67 views

CVE-2024-1175

CVE-2024-1175 affects WP-Recall – Registration, Profile, Commerce & More for WordPress. Red Hat advisory RH:CVE-2024-1175 confirms an unauthenticated data loss vulnerability caused by a missing capability check in the delete_payment function, exploitable on all versions up to 16.26.6. The vulnera...

5.3CVSS5.6AI score0.00393EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2024/06/06 3:53 a.m.27 views

CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

5.3CVSS6.9AI score0.00393EPSS
Exploits0References3
patchstack
patchstack
added 2024/06/06 12:0 a.m.12 views

WordPress WP-Recall Plugin <= 16.26.6 is vulnerable to Broken Access Control

Software WP-Recall Type Plugin Vulnerable versions = 16.26.6 Fixed in 16.26.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1175 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 53c9674dd5e6 Credits Francesco Carlucci Required...

5.3CVSS6.6AI score0.00393EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder