
10515 matches found

Cvelist · added 2024/02/20 6:56 p.m. · 20 views

CVE-2024-1218 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible fo...

CVSS 4.3 · AI score 4.6 · EPSS 0.00308
Exploits 0 · References 2

CVE · added 2024/02/20 6:56 p.m. · 110 views

CVE-2024-1218

CVE-2024-1218 affects the Kali Forms WordPress plugin prior to 2.3.42. The issue is an inconsistent capability check on several REST endpoints, enabling an authenticated user with Contributor+ privileges to access and/or modify forms and form entries via the plugin API. Impact described in source...

CVSS 5.4 · AI score 4.6 · EPSS 0.00308
Exploits 0 · References 2 · Affected Software 1

Cvelist · added 2024/02/20 6:56 p.m. · 31 views

CVE-2024-1389 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and...

CVSS 5.3 · AI score 5.4 · EPSS 0.00519
Exploits 0 · References 3

CVE · added 2024/02/20 6:56 p.m. · 109 views

CVE-2024-1389

CVE-2024-1389 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” Root cause: missing capability check in pms_stripe_connect_handle_authorization_return, in all versions up to and including 2.11.1. Impact: unauthenticate...

CVSS 5.3 · AI score 5.4 · EPSS 0.00519
Exploits 0 · References 3 · Affected Software 1

CVE · added 2024/02/20 6:56 p.m. · 80 views

CVE-2024-0984

CVE-2024-0984: The WordPress ImageRecycle pdf & image compression plugin is vulnerable in versions ≤ 3.1.13 due to a missing capability check on the disableOptimization function. This allows authenticated users with subscriber-level access and above to disable image optimization (broken access c...

CVSS 4.3 · AI score 4.6 · EPSS 0.00372
Exploits 0 · References 2 · Affected Software 1

CVE · added 2024/02/20 6:56 p.m. · 137 views

CVE-2024-1322

The CVE affects the Directorist – WordPress Business Directory Plugin with Classified Ads Listings up to version 7.8.4. The root cause is a missing capability check in the setup_wizard, enabling unauthenticated attackers to modify data, recreate default pages, and enable/disable monetization or c...

CVSS 5.3 · AI score 5.4 · EPSS 0.00524
Exploits 0 · References 3 · Affected Software 1

Cvelist · added 2024/02/20 6:56 p.m. · 21 views

CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 4.5 · EPSS 0.00431
Exploits 0 · References 3

Vulnrichment · added 2024/02/20 6:56 p.m. · 12 views

CVE-2024-1322 Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for...

CVSS 5.3 · AI score 6.7 · EPSS 0.00524
Exploits 0 · References 3

CVE · added 2024/02/20 6:56 p.m. · 90 views

CVE-2024-1044

CVE-2024-1044 concerns the WordPress plugin “Customer Reviews for WooCommerce.” The root cause is a missing capability check in the submit_review function across all versions up to and including 5.38.12, which allows unauthenticated attackers to submit reviews with arbitrary emails, regardless of...

CVSS 5.3 · AI score 6.2 · EPSS 0.00409
Exploits 0 · References 2 · Affected Software 1

CVE · added 2024/02/20 6:56 p.m. · 83 views

CVE-2024-1091

The CVE-2024-1091 entry concerns ImageRecycle pdf & image compression for WordPress. A missing capability check in the reinitialize function across versions up to and including 3.1.13 leads to unauthorized data modification by authenticated users with subscriber-level access or higher. The vulner...

CVSS 4.3 · AI score 5.2 · EPSS 0.00347
Exploits 0 · References 2 · Affected Software 1

Vulnrichment · added 2024/02/20 6:56 p.m. · 14 views

CVE-2024-1318

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up to, and...

CVSS 6.5 · AI score 6.6 · EPSS 0.00518
Exploits 0 · References 4

Vulnrichment · added 2024/02/20 6:56 p.m. · 13 views

CVE-2024-0983

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 4.3 · EPSS 0.00372
Exploits 0 · References 2

CVE · added 2024/02/20 6:56 p.m. · 72 views

CVE-2024-1390

CVE-2024-1390 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The vulnerability is a missing capability check in the creating_pricing_table_page function across versions up to 2.11.1, allowing authenticated users wit...

CVSS 4.3 · AI score 4.6 · EPSS 0.00538
Exploits 0 · References 3 · Affected Software 1

Vulnrichment · added 2024/02/20 6:56 p.m. · 14 views

CVE-2024-1390

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. Thi...

CVSS 4.3 · AI score 4.3 · EPSS 0.00538
Exploits 0 · References 3

RedHat Linux · added 2024/02/20 12:40 p.m. · 2 views

mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 2.7 · AI score 7.3 · EPSS 0.00782
Exploits 0 · References 4

RedHat Linux · added 2024/02/20 12:40 p.m. · 3 views

mysql: Server: DDL unspecified vulnerability (CPU Apr 2023)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS 5.5 · AI score 7.3 · EPSS 0.01272
Exploits 0 · References 4

RedHat Linux · added 2024/02/20 8:59 a.m. · 5 views

OpenJDK: IOR deserialization issue in CORBA (8303384)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.1 · EPSS 0.00888
Exploits 0 · References 4

Positive Technologies · added 2024/02/20 12:0 a.m. · 7 views

PT-2024-16636 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13
Description: The issue allows authenticated attackers with subscriber-level access and above to remove all plugin data due to a missing capability...

CVSS 4.3 · AI score 9.3 · EPSS 0.00347
Exploits 0 · References 5

Positive Technologies · added 2024/02/20 12:0 a.m. · 7 views

PT-2024-15960 · WordPress · Imagerecycle

Name of the Vulnerable Software and Affected Versions: ImageRecycle pdf & image compression plugin for WordPress versions up to, and including, 3.1.13
Description: The issue is related to a missing capability check on the enableOptimization function, allowing authenticated attackers with...

CVSS 4.3 · AI score 8.8 · EPSS 0.00372
Exploits 0 · References 6

WPVulnDB · added 2024/02/20 12:0 a.m. · 8 views

WooCommerce Google Sheet Connector < 1.3.12 - Missing Authorization

Description: The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update...

CVSS 5.3 · AI score 6.7 · EPSS 0.00431
Exploits 0 · References 1 · Affected Software 1