10517 matches found
Integrate Google Drive < 1.3.9 - Missing Authorization to Unauthenticated Settings Modification and Export
Description: The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check o...
CVE-2024-2962
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...
CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...
CVE-2024-2962
CVE-2024-2962 affects the Networker - Tech News WordPress Theme with Dark Mode. The vulnerability arises from a missing capability check in the admin_reload_nav_menu() function, affecting all versions up to and including 1.1.9. This allows unauthenticated attackers to modify the location of displ...
WholesaleX < 1.3.2 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions
Description: The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcinstallcallback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-25958
Dell Grab for Windows, versions up to and including 5.0.4, contains a Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...
Networker - Tech News WordPress Theme with Dark Mode < 1.1.10 - Missing Authorization
Description: The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated...
WooCommerce Clover Payment Gateway < 1.3.2 - Missing Authorization via callback_handler
Description: The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark...
CVE-2024-2453
CVE-2024-2453 affects Advantech WebAccess/SCADA (browser-based SCADA). The vulnerability is an SQL Injection in WebAccess/SCADA: an authenticated attacker can remotely inject SQL code into the database, potentially reading or modifying data on the remote database. Affected product/version: WebAcc...
CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0 that allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...
CVE-2024-1844
The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated...
CVE-2024-1844
CVE-2024-1844 (RevivePress plugin) Vulnerability in RevivePress – Keep your Old Content Evergreen for WordPress (up to version 1.5.6) due to missing capability checks in import_data and copy_data. This enables authenticated attackers with subscriber-level access or higher to view and modify plugi...
CVE-2024-2538
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
WordPress Plugin Permalink Manager Lite Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin RevivePress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
RevivePress < 1.5.6.1 - Subscriber+ Settings Update/Access
Description: The plugin is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them...
Permalink Manager < 2.4.3.2 - Missing Authorization to Authenticated(Author+) arbitrary post slug modification
Description: The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author acces...