10517 matches found
CVE-2024-4223
CVE-2024-4223 affects Tutor LMS – eLearning and online course solution (WordPress plugin) up to version 2.7.0. A missing capability check enables unauthenticated attackers to add, modify, or delete data via HTTP requests (network vector). Wordfence lists a patched status for this CVE, indicating ...
WordPress Plugin Tutor LMS Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-29798 · WordPress · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions prior to 2.8.0 is not specified, however, the versions up to and including 2.7.0 are affected. Description: The issue allows unauthorized access, modification, and loss of data due to a missing capabili...
WordPress Plugin Tutor LMS Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Rockwell Automation FactoryTalk View SE 安全漏洞
Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation. Rockwell Automation FactoryTalk View SE suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in a back-end...
WordPress Plugin Tutor LMS Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Tutor LMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-29795 · WordPress · Tutor Lms Pro
Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions prior to 2.7.1 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables unauthenticated attackers to ad...
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
Security Bulletin: An IBM QRadar SIEM JDBC protocol is vulnerable to SQL injection (CVE-2024-1597)
Summary PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection which could allow a remote attacker to send specially crafted SQL statements enabling the attacker to view, add, modify or delete information. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC ...
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-4010 Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible for...
CVE-2024-4010
CVE-2024-4010 affects the WordPress plugin Email Subscribers by Icegram Express (all versions up to 5.7.19). The root cause is a missing capability check in handle_ajax_request, enabling authenticated users with subscriber-level access and above to perform unauthorized actions that compromise con...
Contact List – Easy Business Directory, Staff Directory and Address Book Plugin < 2.9.88 - Missing Authorization to Notice Dismissal
Description The Contact List – Easy Business Directory, Staff Directory and Address Book Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processnotifications function in versions up to, and including, 2.9.87. This makes it...
SportsPress – Sports Club & League Manager < 2.7.21 - Missing Authorization to Notice Dismissal
Description The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addnotices function in versions up to, and including, 2.7.20. This makes it possible for authenticated attackers, with...
Tutor LMS < 2.7.1 - Missing Authorization
Description The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify,...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
weMail < 1.14.3 - Missing Authorization to Notice Dismissal
Description The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connectnotice function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...