10517 matches found
CVE-2024-3072
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
WordPress plugin ACF Front End Editor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerabilit...
Low: java-1.8.0-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows...
A vulnerability in the hide_notices() function of the Tutor LMS plugin for the WordPress content management system allows an attacker to gain access to read and modify data.
The vulnerability in the hide_notices function of the Tutor LMS plugin for the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to and modify data...
WP Club Manager < 2.2.12 - Missing Authorization
Description The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcmmatchplayersitemorder function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an order sor...
ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...
ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...
Advanced Local Pickup for WooCommerce < 1.6.2 - Missing Authorization to Notice Dismissal
Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminnoticesforalppro function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to...
Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()
Description The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epl_update_listing_coordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...
Sirv < 7.2.3 - Missing Authorization to Arbitrary Options Update
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdismissnotice function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with...
Page Builder: Live Composer < 1.5.39 - Missing Authorization
Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...
VK Block Patterns < 1.31.1.1 - Missing Authorization
Description The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...
SUSE-SU-2024:1452-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851, bsc1222979) - CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708, bsc1222987) -...
CVE-2024-3664
CVE-2024-3664 affects the Quick Featured Images plugin for WordPress. The vulnerability is due to a missing capability check in set_thumbnail and delete_thumbnail, affecting all versions up to 13.7.0. It allows authenticated attackers with contributor-level access or higher to delete thumbnails a...
CVE-2024-3664 Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting
The Quick Featured Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the set_thumbnail and delete_thumbnail functions in all versions up to, and including, 13.7.0. This makes it possible for authenticated attackers, with...
CVE-2024-31077
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege may obtain and alter any information in the database and cause a denial-of-service (DoS) condition...
GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization
Description The GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /inc/Core/ajax-functions.php file in all versions up to, and...
WordPress plugin Quick Featured Images security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Open Close WooCommerce Store < 4.9.2 - Missing Authorization
Description The Open Close WooCommerce Store – Best Business Schedules Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxswitchactive and ajaxupdatetimezone functions in all versions up to, and including, 4.9.1. This makes...
OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708)
A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle...