10517 matches found

WPVulnDB
added 2024/03/29 12:0 a.m. | 14 views

Integrate Google Drive < 1.3.9 - Missing Authorization to Unauthenticated Settings Modification and Export

Description: The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check o...

CVSS: 10 | AI score: 6.4 | EPSS: 0.0074
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/03/27 9:15 a.m. | 14 views

CVE-2024-2962

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00504
Exploits: 0 | References: 3

Cvelist
added 2024/03/27 8:31 a.m. | 28 views

CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00504
Exploits: 0 | References: 3

Vulnrichment
added 2024/03/27 8:31 a.m. | 12 views

CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...

CVSS: 5.3 | AI score: 7.2 | EPSS: 0.00504
Exploits: 0 | References: 3

CVE
added 2024/03/27 8:31 a.m. | 67 views

CVE-2024-2962

CVE-2024-2962 affects the Networker - Tech News WordPress Theme with Dark Mode. The vulnerability arises from a missing capability check in the admin_reload_nav_menu() function, affecting all versions up to and including 1.1.9. This allows unauthenticated attackers to modify the location of displ...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00504
Exploits: 0 | References: 3

WPVulnDB
added 2024/03/27 12:0 a.m. | 18 views

WholesaleX < 1.3.2 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions

Description: The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcinstallcallback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00474
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/03/26 4:15 p.m. | 3 views

CVE-2024-25958

Dell Grab for Windows, versions up to and including 5.0.4, contain Weak Application Folder Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to privilege escalation, unauthorized access to application data, unauthorized modification of...

CVSS: 7.8 | AI score: 5.7 | EPSS: 0.00127
Exploits: 0 | References: 1

WPVulnDB
added 2024/03/26 12:0 a.m. | 20 views

Networker - Tech News WordPress Theme with Dark Mode < 1.1.10 - Missing Authorization

Description: The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00504
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/03/22 12:0 a.m. | 14 views

WooCommerce Clover Payment Gateway < 1.3.2 - Missing Authorization via callback_handler

Description: The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callbackhandler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00641
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/03/21 10:39 p.m. | 60 views

CVE-2024-2453

CVE-2024-2453 affects Advantech WebAccess/SCADA (browser-based SCADA). The vulnerability is an SQL Injection in WebAccess/SCADA: an authenticated attacker can remotely inject SQL code into the database, potentially reading or modifying data on the remote database. Affected product/version: WebAcc...

CVSS: 6.4 | AI score: 6.6 | EPSS: 0.003
Exploits: 0 | References: 1

ATTACKERKB
added 2024/03/21 4:15 a.m. | 3 views

CVE-2023-48902

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.01277
Exploits: 3 | References: 2

NVD
added 2024/03/20 7:15 a.m. | 8 views

CVE-2024-1844

The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the importdata and copydata functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00419
Exploits: 0 | References: 4

CVE
added 2024/03/20 6:48 a.m. | 56 views

CVE-2024-1844

CVE-2024-1844 (RevivePress plugin) Vulnerability in RevivePress – Keep your Old Content Evergreen for WordPress (up to version 1.5.6) due to missing capability checks in import_data and copy_data. This enables authenticated attackers with subscriber-level access or higher to view and modify plugi...

CVSS: 4.3 | AI score: 8.9 | EPSS: 0.00419
Exploits: 0 | References: 4

NVD
added 2024/03/20 6:15 a.m. | 10 views

CVE-2024-2538

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00568
Exploits: 1 | References: 3

OSV
added 2024/03/20 6:15 a.m. | 3 views

CVE-2024-2538

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00568
Exploits: 1 | References: 3

Cvelist
added 2024/03/20 5:32 a.m. | 25 views

CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00568
Exploits: 1 | References: 3

CNNVD
added 2024/03/20 12:0 a.m. | 3 views

WordPress Plugin Permalink Manager Lite Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.00568
Exploits: 1 | References: 4

CNNVD
added 2024/03/20 12:0 a.m. | 3 views

WordPress Plugin RevivePress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00419
Exploits: 0 | References: 4

WPVulnDB
added 2024/03/19 12:0 a.m. | 10 views

RevivePress < 1.5.6.1 - Subscriber+ Settings Update/Access

Description: The plugin is vulnerable to unauthorized access and modification of data due to a missing capability check on the importdata and copydata functions. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00419
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/03/18 12:0 a.m. | 17 views

Permalink Manager < 2.4.3.2 - Missing Authorization to Authenticated(Author+) arbitrary post slug modification

Description: The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author acces...

CVSS: 5.4 | AI score: 6.8 | EPSS: 0.00568
Exploits: 1 | References: 1 | Affected Software: 1