
10517 matches found

NVD
added 2024/04/30 9:15 a.m. | 22 views

CVE-2024-3072

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

CVSS 4.3 | AI score 4.8 | EPSS 0.0034
Exploits 0 | References 2

CNNVD
added 2024/04/30 12:0 a.m. | 5 views

WordPress plugin ACF Front End Editor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...

CVSS 4.3 | AI score 6.5 | EPSS 0.0034
Exploits 0 | References 3

Amazon
added 2024/04/30 12:0 a.m. | 4 views

Low: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...

CVSS 3.7 | AI score 5.1 | EPSS 0.01361
Exploits 0

BDU FSTEC
added 2024/04/30 12:0 a.m. | 6 views

The vulnerability of the hide_notices() function in the Tutor LMS plugin for WordPress content management system allows a violator to gain access to read and modify data.

The vulnerability of the hidenotices function in the Tutor LMS plugin for WordPress-related content management systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to and modify data...

CVSS 6.5 | AI score 5.5 | EPSS 0.00466
Exploits 2 | References 3 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 11 views

WP Club Manager < 2.2.12 - Missing Authorization

Description: The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcmmatchplayersitemorder function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an order sor...

CVSS 5.3 | AI score 6.9 | EPSS 0.00507
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 15 views

ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description: The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS 4.3 | AI score 6.6 | EPSS 0.0034
Exploits 0 | References 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 12 views

ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description: The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...

CVSS 4.3 | AI score 6.6 | EPSS 0.00361
Exploits 0 | References 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 12 views

Advanced Local Pickup for WooCommerce < 1.6.2 - Missing Authorization to Notice Dismissal

Description: The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminnoticesforalppro function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to...

CVSS 5.3 | AI score 6.9 | EPSS 0.00295
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 16 views

Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()

Description: The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eplupdatelistingcoordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...

CVSS 9.8 | AI score 7 | EPSS 0.00365
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 13 views

Sirv < 7.2.3 - Missing Authorization to Arbitrary Options Update

Description: The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdismissnotice function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 6.9 | EPSS 0.00434
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 20 views

Page Builder: Live Composer < 1.5.39 - Missing Authorization

Description: The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...

CVSS 4.7 | AI score 6.7 | EPSS 0.00379
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/29 12:0 a.m. | 19 views

VK Block Patterns < 1.31.1.1 - Missing Authorization

Description: The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...

CVSS 5.3 | AI score 6.9 | EPSS 0.00381
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/04/26 2:40 p.m. | 8 views

SUSE-SU-2024:1452-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging JDK-8319851,bsc1222979 - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup JDK-8315708,bsc1222987 -...

CVSS 3.7 | AI score 5.1 | EPSS 0.01361
Exploits 0 | References 12

CVE
added 2024/04/23 7:36 a.m. | 55 views

CVE-2024-3664

CVE-2024-3664 affects the Quick Featured Images plugin for WordPress. The vulnerability is due to a missing capability check in set_thumbnail and delete_thumbnail, affecting all versions up to 13.7.0. It allows authenticated attackers with contributor level access or higher to delete thumbnails a...

CVSS 4.3 | AI score 6.3 | EPSS 0.00341
Exploits 0 | References 2

Cvelist
added 2024/04/23 7:36 a.m. | 20 views

CVE-2024-3664 Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting

The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setthumbnail and deletethumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with...

CVSS 4.3 | AI score 4.6 | EPSS 0.00341
Exploits 0 | References 2

OSV
added 2024/04/23 5:15 a.m. | 4 views

CVE-2024-31077

Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition...

CVSS 7.2 | AI score 5.9 | EPSS 0.30361
Exploits 0 | References 3

WPVulnDB
added 2024/04/23 12:0 a.m. | 20 views

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Description: The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...

CVSS 4.3 | AI score 4.4 | EPSS 0.00337
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2024/04/23 12:0 a.m. | 4 views

WordPress plugin Quick Featured Images security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 | AI score 6.8 | EPSS 0.00341
Exploits 0 | References 3

WPVulnDB
added 2024/04/23 12:0 a.m. | 16 views

Open Close WooCommerce Store < 4.9.2 - Missing Authorization

Description: The Open Close WooCommerce Store – Best Business Schedules Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchactive and ajaxupdatetimezone functions in all versions up to, and including, 4.9.1. This makes...

CVSS 4.3 | AI score 4.4 | EPSS 0.00337
Exploits 0 | References 1 | Affected Software 1

RedHat Linux
added 2024/04/22 4:33 p.m. | 3 views

OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle...

CVSS 3.7 | AI score 7.2 | EPSS 0.00902
Exploits 0 | References 5