10512 matches found
Broken Link Checker | Finder < 2.5.0 - Missing Authorization via moblc_auth_save_settings
Description: The Broken Link Checker | Finder plugin for WordPress is vulnerable to modification of data due to a missing capability check on the moblc_auth_save_settings function in versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to dismiss admin notificati...
WordPress Backup & Migration < 1.4.2 - Missing Authorization to Settings and Schedule Modification
Description: The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtsavesettings and saveschedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with...
Convertful – Your Ultimate On-Site Conversion Tool < 2.6 - Missing Authorization via add_woo_coupon
Description: The Convertful – Your Ultimate On-Site Conversion Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_woo_coupon' REST function in versions up to, and including, 2.5. This makes it possible for unauthenticated...
Draw Attention < 2.0.16 - Improper Access Control via register_cpt
Description: The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability mapping on the register_cpt function in versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with contributor-level access and above,...
Category Slider for WooCommerce < 1.4.16 - Missing Authorization via notice dismissal functionality
Description: The Category Slider for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability and nonce check on various admin notice dismissal functions in versions up to, and including, 1.4.15. This makes it possible for authenticated attacker...
Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
Description: The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flo_send_test_email function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above...
WooODT Lite < 2.4.7 - Missing Authorization to Arbitrary Options Update
Description: The WooODT Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the byconsolewooodtadminfieldssettingfiles function hooked via AJAX in versions up to, and including, 2.4.6. This makes it possible for authenticated attackers,...
Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions
Description: The Just Custom Fields plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on various AJAX actions in versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...
AWeber < 7.3.10 - Missing Authorization via AJAX actions
Description: The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versio...
Tilda Publishing <= 0.3.21 - Missing Authorization
Description: The Tilda Publishing plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via AJAX actions such as 'ajaxexportfile,' 'ajaxsync,' 'ajaxgetkeys,' 'ajaxswitcherstatus,' and more in versions ...
WiserNotify Social Proof < 2.6 - Missing Authorization
Description: The WiserNotify Social Proof plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the varifyapi function hooked via an AJAX action in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to...
Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback
Description: The Auto Tag Creator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_save_settings_callback function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level...
Funnelforms Free < 3.4.2 - Missing Authorization to Arbitrary Post Duplication
Description: The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-6007
The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...
CVE-2023-5419
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5416
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5415
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5417
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-5385
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-5386
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...