10517 matches found

OSV
added 2024/05/22 4:15 a.m. | 6 views

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

CVSS 7.7 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2024/05/22 4:15 a.m. | 25 views

CVE-2024-0452

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

CVSS 7.7 | AI score 5.3 | EPSS 0.00363
Exploits: 0 | References: 3

CVE
added 2024/05/22 3:17 a.m. | 59 views

CVE-2024-0453

CVE-2024-0453 describes a vulnerability in the WordPress plugin AI ChatBot for WordPress (WPBot) where a missing capability check in openai_file_delete_callback allows authenticated users with subscriber-level access and above to delete files from a linked OpenAI account. The issue affects all ve...

CVSS 7.7 | AI score 5.2 | EPSS 0.00363
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/05/22 3:17 a.m. | 38 views

CVE-2024-0452 AI ChatBot <= 5.3.4 - Missing Authorization via openai_file_upload_callback

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above...

CVSS 5 | AI score 5.2 | EPSS 0.00363
Exploits: 0 | References: 3

CVE
added 2024/05/22 3:17 a.m. | 54 views

CVE-2024-0452

The CVE-2024-0452 entry for the AI ChatBot for WordPress (WPBot) is confirmed with concrete details: the vulnerability is a missing capability check in openai_file_upload_callback across all versions up to 5.3.4, allowing authenticated users with subscriber-level access or higher to upload files ...

CVSS 7.7 | AI score 5.2 | EPSS 0.00363
Exploits: 0 | References: 3 | Affected Software: 1

WPVulnDB
added 2024/05/22 12:0 a.m. | 11 views

RomethemeForm For Elementor < 1.1.6 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

Description: The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

CVSS 5.3 | AI score 9.3 | EPSS 0.00378
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/05/21 12:15 p.m. | 18 views

CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emdformbuilderlitesubmitform function in all versions up to, and including, 3.3.6. This makes it...

CVSS 5.3 | AI score 5.7 | EPSS 0.00326
Exploits: 0 | References: 2

OSV
added 2024/05/21 9:15 a.m. | 8 views

CVE-2024-4875

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 5.8 | EPSS 0.00755
Exploits: 1 | References: 3

NVD
added 2024/05/21 9:15 a.m. | 16 views

CVE-2024-4566

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...

CVSS 7.1 | AI score 6.8 | EPSS 0.00406
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/21 8:31 a.m. | 14 views

CVE-2024-4566 ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification

The ShopLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers, with contributor-level access and above, to set...

CVSS 7.1 | AI score 6.5 | EPSS 0.00406
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/21 8:31 a.m. | 17 views

CVE-2024-4875 HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajaxdismiss' function in versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 6.5 | EPSS 0.00755
Exploits: 1 | References: 3

WPVulnDB
added 2024/05/21 12:0 a.m. | 11 views

AI ChatBot < 5.3.6 - Missing Authorization via openai_file_delete_callback

Description: The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 7.7 | AI score 6.4 | EPSS 0.00363
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/21 12:0 a.m. | 8 views

ShopLentor < 2.8.9 - Authenticated Option Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxdismiss function. This makes it possible for authenticated attackers, with contributor-level access and above, to set arbitrary WordPress options to "true". NOTE: This...

CVSS 7.1 | AI score 6.6 | EPSS 0.00406
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/21 12:0 a.m. | 12 views

HT Mega < 2.5.3 - Subscriber+ Options Update

Description: The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxdismiss' function, allowing authenticated attackers, with subscriber-level permissions and above, to update options such as users_can_register, which can lead to unauthorized user...

CVSS 4.3 | AI score 6.5 | EPSS 0.00755
Exploits: 1 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/05/20 12:0 a.m. | 15 views

WP Fundraising Donation and Crowdfunding Platform < 1.7.0 - Missing Authorization

Description: The WP Fundraising Donation and Crowdfunding Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions surrounding donation modification in versions up to, and including, 1.6.4. This makes it possible for...

CVSS 5.3 | AI score 6.6 | EPSS 0.00401
Exploits: 0 | References: 1 | Affected Software: 1

Amazon
added 2024/05/20 12:0 a.m. | 5 views

Low: java-11-openjdk

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10,...

CVSS 3.7 | AI score 5.3 | EPSS 0.01361
Exploits: 0

OSV
added 2024/05/18 8:15 a.m. | 3 views

CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 | AI score 5.8 | EPSS 0.0123
Exploits: 0 | References: 2

NVD
added 2024/05/18 8:15 a.m. | 26 views

CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 | AI score 7.5 | EPSS 0.0123
Exploits: 0 | References: 2

Cvelist
added 2024/05/18 7:38 a.m. | 33 views

CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...

CVSS 7.5 | AI score 7.5 | EPSS 0.0123
Exploits: 0 | References: 2

CVE
added 2024/05/18 7:38 a.m. | 124 views

CVE-2024-2782

CVE-2024-2782 affects WordPress plugin Fluent Forms (Contact Form Plugin for Quiz, Survey, and Drag & Drop WP Form Builder) versions

CVSS 7.5 | AI score 6.5 | EPSS 0.0123
Exploits: 0 | References: 2 | Affected Software: 1