10518 matches found
CVE-2024-34686
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
CVE-2024-34683
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser...
CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to confidentiality and...
Salon booking system < 10.0 - Missing Authorization
Description The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...
MTN Group: FULL ACCOUNT TAKEOVER
The selfservice portal at https://mymtn.com.ng/ allowed an attacker to take over any Nigerian MTN phone number. The attacker was able to access the account holder's personal information, such as date of birth and full name. The attacker also had the ability to use any available airtime on the...
CVE-2024-5654
CVE-2024-5654 affects the CF7 Google Sheets Connector plugin for WordPress, in all versions up to and including 5.0.9. The root cause is a missing capability check on the execute_post_data_cg7_free function, enabling unauthenticated attackers to modify site configuration settings (e.g., WP_DEBUG,...
CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...
CVE-2024-5654 CF7 Google Sheets Connector <= 5.0.9 - Missing Authorization to Limited Site Configuration Update
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber...
CVE-2024-4468
CVE-2024-4468 concerns the Salon Booking System plugin for WordPress. The issue arises from a missing capability check on functions hooked into admin_init, allowing authenticated users with subscriber access or higher to modify plugin settings and view discount codes intended for other users. Aff...
CVE-2024-5087 Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...
CVE-2024-5087
CVE-2024-5087 affects the Minimal Coming Soon – Coming Soon Page WordPress plugin. The vulnerability is caused by missing capability checks in AJAX handlers (validate_ajax, deactivate_ajax, save_ajax) on all versions up to 2.38, enabling authenticated users with Subscriber-level access and above ...
CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...
CVE-2024-4661 WP Reset <= 2.02 - Missing Authorization to License Key Modification
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...
CVE-2024-5770
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...
CVE-2024-5770
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...
CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...