Lucene search
K

10517 matches found

OSV
OSV
added 2024/05/02 5:15 p.m.5 views

CVE-2024-1677

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

8.8CVSS5.8AI score0.00514EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.16 views

CVE-2024-1677

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

8.8CVSS6.4AI score0.00514EPSS
Exploits0References3
NVD
NVD
added 2024/05/02 5:15 p.m.14 views

CVE-2024-0629

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...

5.3CVSS5.1AI score0.00397EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 5:15 p.m.17 views

CVE-2023-7067

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

4.3CVSS4.3AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.16 views

CVE-2024-3936 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

4.3CVSS5.9AI score0.0056EPSS
Exploits0References3
CVE
CVE
added 2024/05/02 4:52 p.m.61 views

CVE-2024-3936

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid (WordPress) is affected by CVE-2024-3936 due to a missing capability check in rtTPGSaveSettings across all versions up to 7.6.1. This allows authenticated attackers with subscriber access or higher to modify the plugin’...

4.3CVSS6.3AI score0.0056EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.22 views

CVE-2024-3936 The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization

The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it possible for...

4.3CVSS5AI score0.0056EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.22 views

CVE-2024-1716 Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateform function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS4.6AI score0.00431EPSS
Exploits0References3
CVE
CVE
added 2024/05/02 4:52 p.m.53 views

CVE-2024-1716

CVE-2024-1716 targets the Admin Bar Remover plugin for WordPress. Connected sources confirm a missing capability check in update_form() across all versions up to 1.0.2.2, enabling authenticated attackers with subscriber-level access and above to toggle the frontend admin bar on target sites. The ...

4.3CVSS6.3AI score0.00431EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.12 views

CVE-2024-3233

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS6.4AI score0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.12 views

CVE-2024-0629

The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make changes to order...

5.3CVSS6.7AI score0.00397EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.70 views

CVE-2023-7067

CVE-2023-7067 affects ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules (formerly WooLentor) WordPress plugin. All versions through 2.8.1 are vulnerable to unauthorized modification of data due to a missing capability check in woolentor_template_store. An authenticated attack...

4.3CVSS6.3AI score0.0034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.21 views

CVE-2023-7067 ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function in all versions up to, and...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.29 views

CVE-2024-1677 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

6.3CVSS6.5AI score0.00514EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.17 views

CVE-2024-1677 Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and...

6.3CVSS5.9AI score0.00514EPSS
Exploits0References2
CVE
CVE
added 2024/05/02 4:52 p.m.61 views

CVE-2024-1677

CVE-2024-1677 affects the WordPress plugin Print Labels with Barcodes for WooCommerce. Root cause: improper capability checks on 42 AJAX functions, enabling authenticated users with subscriber access and above to fully control the plugin, including modifying settings, and creating, editing, retri...

8.8CVSS6.6AI score0.00514EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.17 views

CVE-2024-3942 MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticate...

6.3CVSS6.4AI score0.00384EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.8 views

CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.8 views

CVE-2024-3895 WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...

8.8CVSS6AI score0.00911EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/02 4:51 p.m.12 views

CVE-2024-1584 Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification

The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpacheckauthentication' function in all versions up to, and including, 5.2.1. This makes it possible f...

5.3CVSS5.9AI score0.00435EPSS
Exploits0References2
Rows per page
Query Builder