10515 matches found

Vulnrichment
added 2024/03/13 3:26 p.m., 15 views

CVE-2024-1640 Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

CVSS 5.3, AI score 6.7, EPSS 0.00481
Exploits 0, References 2

Vulnrichment
added 2024/03/13 3:26 p.m., 26 views

CVE-2024-1158 Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including,...

CVSS 4.3, AI score 6.8, EPSS 0.00507
Exploits 0, References 3

CVE
added 2024/03/13 3:26 p.m., 65 views

CVE-2024-1158

The CVE-2024-1158 entry concerns the WordPress plugin BuddyForms (Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions). All versions up to 2.8.7 are affected due to a missing capability check in buddyforms_new_page, enabling authenticated u...

CVSS 4.3, AI score 5.3, EPSS 0.00507
Exploits 0, References 3, Affected Software 1

CVE
added 2024/03/13 3:26 p.m., 50 views

CVE-2024-1843

CVE-2024-1843 (Auto Affiliate Links, WordPress) is a publicly known vulnerability in the WP Auto Affiliate Links plugin (affected versions up to 6.4.3) where a missing capability check in aalAddLink allows authenticated users with subscriber access or higher to modify data by adding arbitrary lin...

CVSS 4.3, AI score 5.3, EPSS 0.00533
Exploits 0, References 3, Affected Software 1

Cvelist
added 2024/03/13 3:26 p.m., 17 views

CVE-2024-1843 Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink

The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...

CVSS 4.3, AI score 4.8, EPSS 0.00533
Exploits 0, References 3

Vulnrichment
added 2024/03/13 3:26 p.m., 13 views

CVE-2024-1176 HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update

The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email...

CVSS 5.3, AI score 6.7, EPSS 0.00611
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 4 views

WordPress Plugin ArtiBot Free Chat Bot for WordPress WebSites Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 5, AI score 6.6, EPSS 0.00585
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 4 views

WordPress Plugin Post Form Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3, AI score 6.5, EPSS 0.00507
Exploits 0, References 4

CNNVD
added 2024/03/13 12:0 a.m., 4 views

WordPress Plugin Wp Social Login and Register Social Counter Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 6.5, AI score 6.7, EPSS 0.0044
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 2 views

WordPress Plugin Bulk Edit Post Titles Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 4.3, AI score 6.5, EPSS 0.00428
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 4 views

WordPress Plugin Categorify Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3, AI score 6.6, EPSS 0.00578
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 3 views

WordPress Plugin Duitku Payment Gateway Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3, AI score 6.5, EPSS 0.0063
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 2 views

WordPress Plugin HT Easy GA4 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.3, AI score 6.7, EPSS 0.00611
Exploits 0, References 3

CNNVD
added 2024/03/13 12:0 a.m., 3 views

WordPress Plugin Auto Affiliate Links Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3, AI score 6.4, EPSS 0.00533
Exploits 0, References 4

WPVulnDB
added 2024/03/13 12:0 a.m., 13 views

Accordion < 2.2.97 - Missing Authorization to Authenticated (Contributor+) Post Duplication

Description: The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...

CVSS 5.4, AI score 6.5, EPSS 0.00481
Exploits 0, References 1, Affected Software 1

CNNVD
added 2024/03/13 12:0 a.m., 4 views

WordPress Plugin Contact Form Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.3, AI score 6.7, EPSS 0.00481
Exploits 0, References 3

Tenable Nessus
added 2024/03/13 12:0 a.m., 26 views

SAP NetWeaver AS ABAP XSS (March 2024)

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP, versions 7.89 and 7.93, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

CVSS 6.1, AI score 6, EPSS 0.00474
Exploits 0, References 3

NVD
added 2024/03/12 10:15 a.m., 18 views

CVE-2023-4728

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

CVSS 5.4, AI score 4.2, EPSS 0.00317
Exploits 0, References 2

OSV
added 2024/03/12 10:15 a.m., 4 views

CVE-2023-4626

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflowsavehook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

CVSS 4.3, AI score 5.8, EPSS 0.0034
Exploits 0, References 2

NVD
added 2024/03/12 10:15 a.m., 16 views

CVE-2023-4626

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflowsavehook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

CVSS 4.3, AI score 4.3, EPSS 0.0034
Exploits 0, References 2