10518 matches found
ProfileGrid < 5.8.7 - Missing Authorization
Description The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdismissiblenotice and pmwizardupdategroupicon functions in all versions up to, and including, 5.8.6. This makes it...
Vulnerability of the Client component: mysqldump in the Oracle MySQL Server database management system. This component allows attackers to gain unauthorized access for reading, adding, modifying, or deleting protected information, or to cause a service failure.
The vulnerability of the Client component, mysqldump in the Oracle MySQL Server database management system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, add, modify, or delete protected...
RHEL 7 : podman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: Privilege escalation in API component CVE-2019-25067 - An incorrect handling of the supplementary...
CVE-2024-4958
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...
CVE-2024-4958 User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.2.0.1 - Missing Authorization to Privilege Escalation
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This makes it...
CVE-2024-36246
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2024-36246
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2024-36246
CVE-2024-36246 corresponds to a Missing Authorization for coejobhook Command Execution (CWE-862) in Yokogawa Unifier and Unifier Cast. Public sources confirm an Arbitrary Code Execution vector with LocalSystem privileges if exploited. Affected versions include Unifier and Unifier Cast 5.0+ (befor...
CVE-2024-23847
The CVE-2024-23847 issue affects Yokogawa Unifier and Unifier Cast (Unifier 5.0+ and Unifier Cast 5.0+, up to before v5.10.6; unpatched versions). Root cause: Incorrect default permissions (Cast Launcher CWE-276) enabling arbitrary code execution with LocalSystem privileges. Impact: potential ins...
CVE-2024-23847
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
CVE-2024-23847
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.1 - Missing Authorization to Privilege Escalation
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importformaction' function in versions up to, and including, 3.2.0.1. This...
CVE-2024-5326
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...
CVE-2024-5326
The CVE-2024-5326 issue affects the WordPress plugin Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX (versions up to 4.1.2). It has a missing capability check in postx_presets_callback that lets authenticated attackers with Contributor-level access and above modify arbitrary options,...
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postxpresetscallback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated...
CVE-2024-4427 Comparison Slider <= 1.0.5 - Missing Authorization
The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...
CVE-2024-3277
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification
The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...
PT-2024-31095 · WordPress · Comparison Slider
Name of the Vulnerable Software and Affected Versions: Comparison Slider plugin for WordPress versions up to, and including, 1.0.5 Description: The issue allows authenticated attackers with subscriber access or above to modify data due to a missing capability check on several AJAX actions. This...
WordPress plugin PostX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...