CVE-2024-1218 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization
The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...
CVE-2024-1218
CVE-2024-1218 affects the Kali Forms WordPress plugin prior to 2.3.42. The issue is an inconsistent capability check on several REST endpoints, enabling an authenticated user with Contributor+ privileges to access and/or modify forms and form entries via the plugin API. Impact described in source...
CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and...
CVE-2024-1389
CVE-2024-1389 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” Root cause: missing capability check in pms_stripe_connect_handle_authorization_return, in all versions up to and including 2.11.1. Impact: unauthenticate...
CVE-2024-0984
CVE-2024-0984: The WordPress ImageRecycle pdf & image compression plugin is vulnerable in versions ≤ 3.1.13 due to a missing capability check on the disableOptimization function. This allows authenticated users with subscriber-level access and above to disable image optimization (broken access c...
CVE-2024-1322
The CVE affects the Directorist – WordPress Business Directory Plugin with Classified Ads Listings up to version 7.8.4. The root cause is a missing capability check in the setup_wizard, enabling unauthenticated attackers to modify data, recreate default pages, and enable/disable monetization or c...
CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...
CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change
The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...
CVE-2024-1044
CVE-2024-1044 concerns the WordPress plugin “Customer Reviews for WooCommerce.” The root cause is a missing capability check in the submit_review function across all versions up to and including 5.38.12, which allows unauthenticated attackers to submit reviews with arbitrary emails, regardless of...
CVE-2024-1091
The CVE-2024-1091 entry concerns ImageRecycle pdf & image compression for WordPress. A missing capability check in the reinitialize function across versions up to and including 3.1.13 leads to unauthorized data modification by authenticated users with subscriber-level access or higher. The vulner...
CVE-2024-1318
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...
CVE-2024-0983
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
CVE-2024-1390
CVE-2024-1390 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The vulnerability is a missing capability check in the creating_pricing_table_page function across versions up to 2.11.1, allowing authenticated users wit...
CVE-2024-1390
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. Thi...
mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
OpenJDK: IOR deserialization issue in CORBA (8303384)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
PT-2024-16636 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...
PT-2024-15960 · WordPress · Imagerecycle
Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13. Description: The issue is related to a missing capability check on the enableOptimization function, allowing authenticated attackers with...
WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization
Description: The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update...