CVE-2023-6959
CVE-2023-6959 affects the WordPress plugin Getwid – Gutenberg Blocks. The issue is a missing capability check in the recaptcha_api_key_manage function, enabling unauthorized modification of Recaptcha Site Key and Recaptcha Secret Key by authenticated users with subscriber-level access or higher. ...
CVE-2024-1177 WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1177
CVE-2024-1177 concerns the WP Club Manager WordPress plugin. Multiple connected sources confirm a missing capability check in settings_save() across versions up to and including 2.2.10, causing unauthorized modification of data by unauthenticated users and allowing updates to the clubs permalink ...
CVE-2024-0370 Views for WPForms <= 3.2.2 - Missing Authorization via save_view
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated...
CVE-2024-0324
CVE-2024-0324 affects the WordPress plugin User Profile Builder (Profile Builder) up to version 3.10.8. The root cause is a missing capability check in the wppb_two_factor_authentication_settings_update function, allowing unauthenticated attackers to enable/disable 2FA for arbitrary user roles in...
CVE-2024-0791
CVE-2024-0791 (WOLF – WordPress Posts Bulk Editor and Manager Professional) is a vulnerability in the WOLF plugin for WordPress (v1.0.8.1 and earlier) caused by a missing capability check in wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term. This allows authenticated users with...
CVE-2024-0791
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and...
WordPress plugin WOLF security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin WP Club Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-15505 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...
WordPress plugin Views for WPForms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin 10Web AI Assistant security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin Getwid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin RSS Aggregator by Feedzy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Location Picker at Checkout for WooCommerce < 1.9.0 - Missing Authorization via checkout_map_rules_order_ajax_handler
Description: The Location Picker at Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkout_map_rules_order_ajax_handler function in versions up to, and including, 1.8.9. This makes it possible for authenticated...
CVE-2024-1047
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API ke...
CVE-2024-1047 ThemeIsle SDK <= Various Versions - Missing Authorization
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference function in various versions. This makes it possible for unauthenticated attackers to update options values that allow...
CVE-2024-1047
CVE-2024-1047 concerns Orbit Fox by ThemeIsle (WordPress) with a vulnerability in register_reference() causing unauthorized modification of data. The issue exists in all versions up to and including 2.10.28 due to a missing capability check, enabling unauthenticated attackers to update the connec...
WordPress plugin WordPress Review & Structure Data Schema Plugin - Review Schema Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin WordPress Review & Structu...