10518 matches found
CVE-2024-5858
CVE-2024-5858 affects the AI Infographic Maker (Infographic Maker – iList) WordPress plugin. The vulnerability arises from a missing capability check on the qcld_openai_title_generate_desc AJAX action, allowing authenticated attackers with Subscriber+ access to modify arbitrary post titles in all...
CVE-2024-2544
The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...
WordPress plugin AI Infographic Maker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Popup Builder security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
CVE-2024-2472
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...
CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR
The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...
CVE-2024-2472
CVE-2024-2472 relates to the LatePoint WordPress plugin. Public details confirm a Missing Authorization vulnerability via IDOR in all versions ≤ 4.9.9, enabling unauthenticated attackers to view other customers’ cabinets, access PII (e.g., emails), and change a user’s LatePoint password. The root...
Exploit for CVE-2024-5326
CVE-2024-5326 CVE-2024-5326 Post Grid Gutenberg Blocks and Wor...
CVE-2024-1094
The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This makes it...
CVE-2024-1094
The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...
WordPress plugin Timetics security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-29169
Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...
The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.
The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...
Dashboard To-Do List < 1.3.0 - Missing Authorization via ardtdw_widgetsetup()
Description The Dashboard To-Do List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ardtdw_widgetsetup function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level acces...
GDPR/CCPA Cookie Consent Banner < 3.2.1 - Missing Authorization via handle_consent_toggle()
Description The GDPR/CCPA Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_consent_toggle function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to toggle conse...
Copymatic – AI Content Writer & Generator < 2.0 - Missing Authorization
Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the copymaticimportarticle function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, wit...
Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization
Description The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and 4.24.0.1.24.0 respectively. This makes it possible...
Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.2 - Missing Authorization
Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxslideresponsive and srsavesettings functions in versions up to, and including, 1.4.0. This makes it...
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery < 1.4.6 - Missing Authorization
Description The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaximagegallery and igsavesettings functions in versions up to, and including, 1.4.5. This...