10517 matches found
CVE-2024-4280 White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...
CVE-2024-1693
The CVE-2024-1693 vulnerability affects the SP Project & Document Manager WordPress plugin. It arises from a missing capability check on the cdm_save_category AJAX action, enabling authenticated users with subscriber-level access and higher to rename arbitrary folders they do not own. Affected ve...
CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...
SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update
Description: The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...
WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal
Description: The WidgetKit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wktdadsdismissnotice function in versions up to, and including, 2.4.8. This makes it possible for unauthenticated attackers to dismiss notices...
SUSE: Security Advisory (SUSE-SU-2024:1452-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
openSUSE Security Advisory (SUSE-SU-2024:1451-1)
The remote host is missing an update for the...
SUSE-SU-2024:1499-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851, bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708, bsc#1222987) -...
SUSE-SU-2024:1498-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851, bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708, bsc#1222987) -...
CVE-2024-1050
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers,...
CVE-2024-1050
CVE-2024-1050 affects the Import and export users and customers WordPress plugin. A missing capability check in ajax_force_reset_password_delete_metas() allows authenticated subscribers+ to modify data by deleting all forced password resets. The issue impacts all versions up to 1.26.5; a patch is...
CVE-2024-1050 Import and export users and customers <= 1.26.5 - Missing Authorization
The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated attackers,...
CVE-2023-38724
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183...
PT-2024-10871 · IBM · IBM Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. Thi...
PT-2024-16320 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.26.5 Description: The issue is related to a missing capability check on the ajax force reset password delete metas function, allowing authenticated...
Metform Elementor Contact Form Builder < 3.8.4 - Missing Authorization to Notice Dismissal
Description: The Metform Elementor Contact Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the dismissajaxcall function. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices...
Import and export users and customers < 1.26.6 - Missing Authorization
Description: The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...
CVE-2024-3942
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...
CVE-2024-3520
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber access...
CVE-2024-3233
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...