EUVD-2024-51595
Malicious code in bioql PyPI...
CVE-2024-13428 WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo due to missing validation on a user controlled key. This makes it possibl...
WordPress WP Job Portal plugin <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion vulnerability
Insecure Direct Object Reference to Unauthenticated Company Logo Deletion vulnerability discovered by thevietronin in WordPress Plugin WP Job Portal versions <= 2.2.6...
CVE-2024-12210 Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, wit...
CVE-2024-12210
CVE-2024-12210 affects the Print Invoice & Delivery Notes for WooCommerce WordPress plugin. It allows authenticated users with Subscriber+ privileges to remove the shop logo due to a missing capability check on the wcdn_remove_shoplogo AJAX action, impacting all versions up to and including 5.4.0...
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Logo Deletion vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin Print Invoice & Delivery Notes for WooCommerce versions <= 5.4.0...