Lucene search
K

10518 matches found

CNNVD
CNNVD
added 2024/06/08 12:0 a.m.8 views

WordPress plugin CF7 Google Sheets Connector security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.7AI score0.00352EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/08 12:0 a.m.5 views

WordPress plugin WP Reset security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS6.6AI score0.0028EPSS
Exploits0References3
NVD
NVD
added 2024/06/07 1:15 p.m.31 views

CVE-2024-5382

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/07 12:33 p.m.12 views

CVE-2024-5382 Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it...

6.5CVSS6.8AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2024/06/07 12:33 p.m.77 views

CVE-2024-5382

CVE-2024-5382 affects Master Addons – Free Widgets for Elementor (WordPress). A missing capability check on the ma-template REST API route allows unauthenticated attackers to create or modify Master Addons templates and related settings in all versions up to 2.0.6.1. The Red Hat advisory confirms...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/06/07 6:15 a.m.10 views

CVE-2023-6491

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and...

4.3CVSS6.3AI score0.00282EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/06/07 3:15 a.m.1 views

CVE-2024-5607

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

5.4CVSS6AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/07 2:39 a.m.21 views

CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers,...

5.4CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 2024/06/07 2:15 a.m.5 views

CVE-2024-1689

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

5.3CVSS5.9AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/07 2:2 a.m.17 views

CVE-2023-6876 Clever Fox – One Click Website Importer by Nayra Themes <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme

The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated...

5.4CVSS6.5AI score0.00385EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/07 2:2 a.m.31 views

CVE-2024-1689 WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation

The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.6AI score0.00335EPSS
Exploits0References3
CVE
CVE
added 2024/06/07 2:2 a.m.69 views

CVE-2024-1689

Technical details about CVE-2024-1689 (WooCommerce Tools) are not publicly provided in the supplied documents. No specific affected versions, exploit paths, or fixes are documented here; monitor for official updates from vendors/security advisories.

4.3CVSS5.4AI score0.00335EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.16 views

CF7 Google Sheets Connector < 5.0.10 - Missing Authorization to Limited Site Configuration Update

Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggl...

6.5CVSS6.5AI score0.00352EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.13 views

Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification

Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. Th...

6.5CVSS6.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Minimal Coming Soon – Coming Soon Page < 2.39 - Missing Authorization to Limited Settings Change

Description The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for...

6.3CVSS6.4AI score0.00436EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.4 views

WordPress plugin GDPR CCPA Compliance & Cookie Consent Banner Security Breach

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin GDP...

5.4CVSS6.6AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.4 views

WordPress plugin WooCommerce Tools security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.8AI score0.00335EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/07 12:0 a.m.7 views

PT-2024-34448 · WordPress · The Minimal Coming Soon – Coming Soon Page

Name of the Vulnerable Software and Affected Versions: The Minimal Coming Soon – Coming Soon Page plugin for WordPress versions up to, and including, 2.38 Description: The issue is related to unauthorized modification of data due to a missing capability check on the validate ajax, deactivate ajax...

6.3CVSS6.7AI score0.00436EPSS
Exploits0References16
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.3 views

WordPress plugin Master Addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.8AI score0.00319EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/06/07 12:0 a.m.2 views

WordPress plugin Strong Testimonials security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

4.3CVSS6.5AI score0.00282EPSS
Exploits0References3
Rows per page
Query Builder