10518 matches found

BDU FSTEC
added 2024/06/07 12:0 a.m. · 8 views

The vulnerability of the postx_presets_callback() function in the PostX plugin of the WordPress content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.

The vulnerability of the postx_presets_callback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...

CVSS 9 · AI score 5.5 · EPSS 0.01426
Exploits 1 · References 6 · Affected Software 1
CVE
added 2024/06/06 5:50 p.m. · 89 views

CVE-2024-3104

CVE-2024-3104 affects mintplex-labs/anything-llm. The vulnerability arises from improper handling of environment variables, enabling remote code execution via POST /api/system/update-env. Affected versions are prior to 1.0.0; fix is in 1.0.0. Documented impact includes code execution on the host,...

CVSS 9.8 · AI score 9.6 · EPSS 0.0097
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2024/06/06 5:50 p.m. · 21 views

CVE-2024-3104 Remote Code Execution in mintplex-labs/anything-llm

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of...

CVSS 9.6 · AI score 8.1 · EPSS 0.0097
Exploits 1 · References 2
ATTACKERKB
added 2024/06/06 4:15 a.m. · 2 views

CVE-2024-5449

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVSS 4.3 · AI score 5.9 · EPSS 0.00346
Exploits 0 · References 4
Vulnrichment
added 2024/06/06 3:32 a.m. · 12 views

CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVSS 4.3 · AI score 6.7 · EPSS 0.00346
Exploits 0 · References 3
Cvelist
added 2024/06/06 3:32 a.m. · 24 views

CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization

The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...

CVSS 4.3 · AI score 4.3 · EPSS 0.00346
Exploits 0 · References 3
NVD
added 2024/06/06 2:15 a.m. · 21 views

CVE-2024-5324

Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 8.8 · AI score 8.4 · EPSS 0.01507
Exploits 0 · References 7
OSV
added 2024/06/06 2:15 a.m. · 3 views

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 5.9 · EPSS 0.00343
Exploits 0 · References 2
NVD
added 2024/06/06 2:15 a.m. · 12 views

CVE-2024-4788

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 4.4 · EPSS 0.00343
Exploits 0 · References 3
NVD
added 2024/06/06 2:15 a.m. · 21 views

CVE-2023-6966

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

CVSS 8.1 · AI score 7.8 · EPSS 0.00394
Exploits 0 · References 3
Cvelist
added 2024/06/06 2:2 a.m. · 28 views

CVE-2023-6966 The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions

The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...

CVSS 8.1 · AI score 7.8 · EPSS 0.00394
Exploits 0 · References 3
CVE
added 2024/06/06 2:2 a.m. · 61 views

CVE-2023-6966

The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...

CVSS 8.1 · AI score 5.9 · EPSS 0.00394
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/06/05 8:15 a.m. · 16 views

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

CVSS 4.3 · AI score 4.4 · EPSS 0.00351
Exploits 0 · References 4
Vulnrichment
added 2024/06/05 7:34 a.m. · 16 views

CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

CVSS 4.3 · AI score 6.7 · EPSS 0.00351
Exploits 0 · References 4
Cvelist
added 2024/06/05 7:34 a.m. · 21 views

CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...

CVSS 4.3 · AI score 4.4 · EPSS 0.00351
Exploits 0 · References 4
Positive Technologies
added 2024/06/05 12:0 a.m. · 4 views

PT-2024-32870 · WordPress · Boostify Header Footer Builder

Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3
Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...

CVSS 4.3 · AI score 6.7 · EPSS 0.00343
Exploits 0 · References 7
WPVulnDB
added 2024/06/05 12:0 a.m. · 12 views

The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions

Description: The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible...

CVSS 8.1 · AI score 6.4 · EPSS 0.00394
Exploits 0 · References 1
NVD
added 2024/06/04 6:15 a.m. · 13 views

CVE-2024-1718

The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...

CVSS 5.3 · AI score 5.2 · EPSS 0.002
Exploits 0 · References 2
NVD
added 2024/06/04 6:15 a.m. · 15 views

CVE-2024-2019

The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...

CVSS 7.5 · AI score 7.2 · EPSS 0.00382
Exploits 0 · References 2
Cvelist
added 2024/06/04 5:32 a.m. · 26 views

CVE-2024-1718 Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update

The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...

CVSS 5.3 · AI score 5.2 · EPSS 0.002
Exploits 0 · References 2