2 matches found
WordPress NextMove Lite plugin <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission vulnerability
Missing Authorization to Authenticated Subscriber+ Deactivation Reason Submission vulnerability discovered by incognito in WordPress Plugin NextMove Lite versions = 2.19.0...
CVE-2024-10663
The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbyeformcallback function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with...