A vulnerability in the postx_presets_callback() function in the PostX plugin of the WordPress content management system allows a hacker to escalate their privileges and gain access to read, modify, or delete data.
The vulnerability of the postx_presets_callback function in the PostX plugin of the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges and gain access to read, modify,...
CVE-2024-3104
CVE-2024-3104 affects mintplex-labs/anything-llm. The vulnerability arises from improper handling of environment variables, enabling remote code execution via POST /api/system/update-env. Affected versions are prior to 1.0.0; fix is in 1.0.0. Documented impact includes code execution on the host,...
CVE-2024-3104 Remote Code Execution in mintplex-labs/anything-llm
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of...
CVE-2024-5449
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
CVE-2024-5449 WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing Authorization
The WP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdmsocialsharesaveoptions function in all versions up to, and...
CVE-2024-5324
Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2024-4788
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...
CVE-2024-4788
The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with...
CVE-2023-6966
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...
CVE-2023-6966 The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...
CVE-2023-6966
The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...
CVE-2024-5453
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
CVE-2024-5453 ProfileGrid <= 5.8.6 - Missing Authorization
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it possible fo...
PT-2024-32870 · WordPress · Boostify Header Footer Builder
Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3 Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...
The Moneytizer <= 9.5.20 - Missing Authorization via multiple AJAX actions
Description: The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible...
CVE-2024-1718
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...
CVE-2024-2019
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...
CVE-2024-1718 Claudio Sanches – Checkout Cielo for WooCommerce <= 1.1.0 - Insufficient Verification of Data Authenticity to Order Payment Status Update
The Claudio Sanches – Checkout Cielo for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient payment validation in the updateorderstatus function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers t...