
10517 matches found

Cvelist
added 2024/05/10 5:34 a.m. · 20 views

CVE-2024-4280 White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

CVSS 5.3 · AI score 5.8 · EPSS 0.00425
Exploits: 0 · References: 2

CVE
added 2024/05/09 8:3 p.m. · 30 views

CVE-2024-1693

The CVE-2024-1693 vulnerability affects the SP Project & Document Manager WordPress plugin. It arises from a missing capability check on the cdm_save_category AJAX action, enabling authenticated users with subscriber-level access and higher to rename arbitrary folders they do not own. Affected ve...

CVSS 4.3 · AI score 6.4 · EPSS 0.0042
Exploits: 0 · References: 2

Cvelist
added 2024/05/09 8:3 p.m. · 22 views

CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

CVSS 4.3 · AI score 5.7 · EPSS 0.0042
Exploits: 0 · References: 2

WPVulnDB
added 2024/05/07 12:0 a.m. · 8 views

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description: The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.8 · EPSS 0.0042
Exploits: 0 · References: 1

WPVulnDB
added 2024/05/07 12:0 a.m. · 10 views

WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal

Description: The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wktdadsdismissnotice function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices...

CVSS 5.3 · AI score 6.7 · EPSS 0.00404
Exploits: 0 · References: 1

OpenVAS
added 2024/05/07 12:0 a.m. · 26 views

SUSE: Security Advisory (SUSE-SU-2024:1452-1)

The remote host is missing an update for the...

CVSS 3.7 · AI score 6.2 · EPSS 0.01361
Exploits: 0 · References: 9

OpenVAS
added 2024/05/07 12:0 a.m. · 28 views

openSUSE Security Advisory (SUSE-SU-2024:1451-1)

The remote host is missing an update for the...

CVSS 3.7 · AI score 6.4 · EPSS 0.01361
Exploits: 0 · References: 8

OSV
added 2024/05/06 7:44 a.m. · 9 views

SUSE-SU-2024:1499-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987
- ...

CVSS 3.7 · AI score 5.1 · EPSS 0.01361
Exploits: 0 · References: 10

OSV
added 2024/05/06 7:42 a.m. · 9 views

SUSE-SU-2024:1498-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987
- ...

CVSS 3.7 · AI score 5 · EPSS 0.01361
Exploits: 0 · References: 12

NVD
added 2024/05/04 8:15 a.m. · 15 views

CVE-2024-1050

The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 4.8 · EPSS 0.00431
Exploits: 0 · References: 3

CVE
added 2024/05/04 7:36 a.m. · 62 views

CVE-2024-1050

CVE-2024-1050 affects the Import and export users and customers WordPress plugin. A missing capability check in ajax_force_reset_password_delete_metas() allows authenticated subscribers+ to modify data by deleting all forced password resets. The issue impacts all versions up to 1.26.5; a patch is...

CVSS 4.3 · AI score 5.9 · EPSS 0.00431
Exploits: 0 · References: 3

Cvelist
added 2024/05/04 7:36 a.m. · 25 views

CVE-2024-1050 Import and export users and customers <= 1.26.5 - Missing Authorization

The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 5.1 · EPSS 0.00431
Exploits: 0 · References: 3

OSV
added 2024/05/03 6:15 p.m. · 5 views

CVE-2023-38724

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183...

CVSS 9.8 · AI score 6 · EPSS 0.00465
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/03 12:0 a.m. · 3 views

PT-2024-10871 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0
Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. Thi...

CVSS 7.2 · AI score 9.8 · EPSS 0.00504
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/03 12:0 a.m. · 4 views

PT-2024-16320 · WordPress · Export/Import Users/Customers

Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.26.5
Description: The issue is related to a missing capability check on the ajax force reset password delete metas function, allowing authenticated...

CVSS 4.3 · AI score 6.8 · EPSS 0.00431
Exploits: 0 · References: 9

WPVulnDB
added 2024/05/03 12:0 a.m. · 17 views

Metform Elementor Contact Form Builder < 3.8.4 - Missing Authorization to Notice Dismissal

Description: The Metform Elementor Contact Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the dismissajaxcall function. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices...

CVSS 8.8 · AI score 6.8 · EPSS 0.00439
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/05/03 12:0 a.m. · 14 views

Import and export users and customers < 1.26.6 - Missing Authorization

Description: The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...

CVSS 4.3 · AI score 6.6 · EPSS 0.00431
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2024/05/02 5:15 p.m. · 26 views

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

CVSS 6.3 · AI score 6.2 · EPSS 0.00384
Exploits: 0 · References: 2

NVD
added 2024/05/02 5:15 p.m. · 11 views

CVE-2024-3520

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access...

CVSS 4.3 · AI score 4.3 · EPSS 0.00445
Exploits: 0 · References: 2

NVD
added 2024/05/02 5:15 p.m. · 18 views

CVE-2024-3233

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 · AI score 4.3 · EPSS 0.00445
Exploits: 0 · References: 2