10512 matches found
Authorization
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...
CVE-2023-3869 wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment...
CVE-2023-3998 wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2021-4335
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
Information disclosure
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2021-4335 Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2021-4335
CVE-2021-4335 (Fancy Product Designer for WordPress) involves a broken access-control issue in versions up to 4.6.9 where multiple AJAX actions lack proper capability checks. This allows authenticated users with subscriber-level privileges to modify plugin settings, access arbitrary order informa...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
CVE-2023-4947
The CVE-2023-4947 entry concerns the WooCommerce EAN Payment Gateway plugin for WordPress. A missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0 allows authenticated attackers with contributor-level access or higher to modify EAN numbers on orders. The vulne...
CVE-2023-4947 WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...
WordPress Plugin wpDiscuz Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Vulnerability of the Installer component: The general installer for MySQL allows a perpetrator to gain access to read, modify, or delete data, and trigger a service failure.
Vulnerability of the Installer component: The general installer for MySQL is vulnerable due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain access to read, modify, or delete data, leading to service failure...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a malicious individual to gain unauthorized access to read, modify, or delete data, as well as to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, thereby causing service failures...
The vulnerability of the PL/SQL component of the Oracle Database Server allows a hacker to gain unauthorized access to protected data or to modify, add, or delete protected data.
The vulnerability of the PL/SQL component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected data or to modify, add, or delete...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a malicious individual to gain unauthorized access to read, modify, or delete data, as well as to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, thereby causing service failures...
OpenJDK: IOR deserialization issue in CORBA (8303384)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
OpenJDK: IOR deserialization issue in CORBA (8303384)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...
OpenJDK: IOR deserialization issue in CORBA (8303384)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and 21.3.7. Easily exploitable vulnerability allows...