CVE-2023-29065
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...
Preloader for Website < 1.3 - Missing Authorization via plwao_register_settings()
Description: The Preloader for Website plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the plwao_register_settings function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to reset the plugin's...
Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints
Description: The Jetpack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the WPCom External Media REST permission_callback function in versions up to and including 12.6.2. This makes it possible for authenticated attackers, with...
Unyson <= 2.7.28 - Missing Authorization
Description: The Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization in Reviews Exporter
Description: The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the checkprogress and cancelexport functions in versions up to, and including, 5.36.0. This makes it possible for...
MultiVendorX < 4.0.26 - Improper Authorization on REST Routes via 'save_settings_permission'
Description: The MultiVendorX plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on the 'save_settings_permission' function for the REST routes instantiated by the 'mvxrestroutesreactmodule' function in versions ...
Legal Pages < 1.3.8 - Missing Authorization on 'deleteLegalTemplate'
Description: The Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteLegalTemplate function in versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with subscriber-level access and...
Bold Timeline Lite < 1.2.0 - Missing Authorization to Admin Notice Dismissal
Description: The Bold Timeline Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a logic error on the boldtimelinewpdocsthisscreen function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level access an...
WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings
Description: The WP Users Media plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpusme_save_settings function in versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber-level permission...
Product Recommendation Quiz for eCommerce < 2.1.2 - Missing Authorization in prq_set_token
Description: The Product Recommendation Quiz for eCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prq_set_token function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to modify...
LuckyWP Scripts Control <= 1.2.1 - Missing Authorization via multiple AJAX actions
Description: The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with...
Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions
Description: The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.8. This makes it possible for authenticated attackers such as...
WRC Pricing Tables < 2.3.8 - Missing Authorization
Description: The WRC Pricing Tables plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on several functions including wrcptprocesspackagefeatures, wrcpteditpricingpackages, wrcptactivatetemplate and others in versions up to, and including, 2.3.7...
Surfer < 1.3.3.379 - Missing Authorization
Description: The Surfer plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions, such as removepostdraftconnection, checkdraftstatus, getlocations, getajaxsurferconnecturl, disconnectsurferfromwp, and...
CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization
Description: The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make unauthorized use of the unprotected function...
TK Google Fonts GDPR Compliant < 2.2.12 - Missing Authorization to Font Deletion
Description: The TK Google Fonts GDPR Compliant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tkgooglefontsdeletefont function in all versions up to, and including, 2.2.11. This makes it possible for authenticated attackers, with...
UserPro < 5.1.2 - Missing Authorization via multiple functions
Description: The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, o...
Funnelforms Free < 3.4.2 - Missing Authorization to Test Email Sending
Description: The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...
Funnelforms Free < 3.4.2 - Missing Authorization to Category Deletion
Description: The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...
Better Elementor Addons <= 1.3.6 - Missing Authorization
Description: The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the beaadminajax function hooked via an AJAX action in versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, wit...