
10518 matches found

CVE
added 2024/06/15 8:42 a.m., 50 views

CVE-2024-5858

CVE-2024-5858 affects the AI Infographic Maker (Infographic Maker – iList) WordPress plugin. The vulnerability arises from a missing capability check on the qcld_openai_title_generate_desc AJAX action, allowing authenticated attackers with Subscriber+ access to modify arbitrary post titles in all...

4.3 CVSS, 4.8 AI score, 0.00323 EPSS
Exploits 0, References 3
OSV
added 2024/06/15 2:15 a.m., 5 views

CVE-2024-2544

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorized actions,...

6.4 CVSS, 5.6 AI score, 0.00271 EPSS
Exploits 0, References 2
CNNVD
added 2024/06/15 12:0 a.m., 3 views

WordPress plugin AI Infographic Maker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS, 6.5 AI score, 0.00323 EPSS
Exploits 0, References 4
CNNVD
added 2024/06/15 12:0 a.m., 4 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

7.4 CVSS, 6.8 AI score, 0.00271 EPSS
Exploits 0, References 3
NVD
added 2024/06/14 10:15 a.m., 26 views

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...

9.1 CVSS, 0.00623 EPSS
Exploits 0, References 4
Cvelist
added 2024/06/14 9:36 a.m., 34 views

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view...

9.1 CVSS, 0.00623 EPSS
Exploits 0, References 4
CVE
added 2024/06/14 9:36 a.m., 70 views

CVE-2024-2472

CVE-2024-2472 relates to the LatePoint WordPress plugin. Public details confirm a Missing Authorization vulnerability via IDOR in all versions ≤ 4.9.9, enabling unauthenticated attackers to view other customers’ cabinets, access PII (e.g., emails), and change a user’s LatePoint password. The root...

9.1 CVSS, 9 AI score, 0.00623 EPSS
Exploits 0, References 4, Affected Software 1
GithubExploit
added 2024/06/14 7:12 a.m., 396 views

Exploit for CVE-2024-5326

CVE-2024-5326 CVE-2024-5326 Post Grid Gutenberg Blocks and Wor...

8.8 CVSS, 6.5 AI score, 0.01426 EPSS
Exploits 1
NVD
added 2024/06/14 5:15 a.m., 16 views

CVE-2024-1094

The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This makes it...

7.3 CVSS, 0.00542 EPSS
Exploits 0, References 2
CVE
added 2024/06/14 4:36 a.m., 57 views

CVE-2024-1094

The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...

7.3 CVSS, 5.9 AI score, 0.00542 EPSS
Exploits 0, References 2
CNNVD
added 2024/06/14 12:0 a.m., 2 views

WordPress plugin Timetics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.3 CVSS, 6.5 AI score, 0.00542 EPSS
Exploits 0, References 3
OSV
added 2024/06/13 4:15 p.m., 5 views

CVE-2024-29169

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

8.1 CVSS, 6 AI score
Exploits 0, References 1
BDU FSTEC
added 2024/06/13 12:0 a.m., 4 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...

7.8 CVSS, 5.5 AI score, 0.00439 EPSS
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2024/06/13 12:0 a.m., 6 views

The vulnerability of the software for centralized management of FortiWeb Manager firewalls lies in the authentication procedures’ deficiencies, which allow an attacker to gain access to read, modify, or delete data.

The vulnerability of the FortiWeb Manager software for centralized control of network firewalls is related to deficiencies in its authentication procedures. Exploiting this vulnerability could allow an attacker to gain access to read, modify, or delete data by sending specially crafted HTTP...

7.8 CVSS, 5.5 AI score, 0.00439 EPSS
Exploits 0, References 4, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 11 views

Dashboard To-Do List < 1.3.0 - Missing Authorization via ardtdw_widgetsetup()

Description: The Dashboard To-Do List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ardtdwwidgetsetup function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level acces...

8.8 CVSS, 6.4 AI score, 0.00333 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 9 views

GDPR/CCPA Cookie Consent Banner < 3.2.1 - Missing Authorization via handle_consent_toggle()

Description: The GDPR/CCPA Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_consent_toggle function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to toggle conse...

7.3 CVSS, 6.7 AI score, 0.00278 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 17 views

Copymatic – AI Content Writer & Generator < 2.0 - Missing Authorization

Description: The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the copymaticimportarticle function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, wit...

8.8 CVSS, 6.4 AI score, 0.00295 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 17 views

Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization

Description: The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and 4.24.0.1.24.0 respectively. This makes it possible...

6.4 AI score, 0.00525 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 14 views

Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.2 - Missing Authorization

Description: The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxslideresponsive and srsavesettings functions in versions up to, and including, 1.4.0. This makes it...

8.8 CVSS, 6.4 AI score, 0.00356 EPSS
Exploits 0, References 1, Affected Software 1
WPVulnDB
added 2024/06/12 12:0 a.m., 14 views

Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery < 1.4.6 - Missing Authorization

Description: The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaximagegallery and igsavesettings functions in versions up to, and including, 1.4.5. This...

8.8 CVSS, 6.4 AI score, 0.00356 EPSS
Exploits 0, References 1, Affected Software 1