Lucene search
K

2947 matches found

ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2086

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

4.3CVSS6.7AI score0.00572EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 6:16 a.m.5 views

CVE-2023-2083

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4.3CVSS6.6AI score0.00567EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.7 views

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS6.7AI score0.00513EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 6:16 a.m.6 views

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS7.2AI score0.00513EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:16 a.m.2 views

CVE-2023-2066

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

6.3CVSS6.8AI score0.00505EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 6:16 a.m.8 views

CVE-2023-2066

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

4.3CVSS5.8AI score0.00505EPSS
Exploits0References3
Prion
Prion
added 2023/06/09 6:16 a.m.11 views

Design/Logic Flaw

The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...

4CVSS4.5AI score0.00434EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/06/09 6:16 a.m.20 views

Design/Logic Flaw

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

4CVSS4.5AI score0.00567EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.3 views

CVE-2023-1843

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to unauthorized permalink structure update due to a missing capability check on the permalinksetup function in versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to change the...

6.5CVSS6.7AI score0.00629EPSS
Exploits0References4
OSV
OSV
added 2023/06/09 6:15 a.m.3 views

CVE-2023-1375

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.2 views

CVE-2023-1375

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS5.9AI score0.00534EPSS
Exploits0References4
NVD
NVD
added 2023/06/09 6:15 a.m.27 views

CVE-2023-0291

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsmremovefilefdquestion AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrar...

9.1CVSS7.4AI score0.02034EPSS
Exploits5References4
Prion
Prion
added 2023/06/09 6:15 a.m.17 views

Authorization

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the 'fileuploadercallback' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the...

4CVSS4.5AI score0.00573EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/06/09 6:15 a.m.26 views

Design/Logic Flaw

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized cache deletion in versions up to, and including, 1.1.2 due to a missing capability check in the deleteCacheToolbar function . This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4CVSS4.4AI score0.00534EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.11 views

CVE-2023-2275 WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API

The WooCommerce Multivendor Marketplace – REST API plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'getitem', 'getordernotes' and 'addordernote' functions in versions up to, and including, 1.5.3. This makes it possibl...

4.3CVSS6.7AI score0.00466EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.31 views

CVE-2023-2280 WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

6.5CVSS6.8AI score0.00601EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.44 views

CVE-2023-2086 Essential Blocks <= 4.0.6 - Missing Authorization via template_count

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templatecount function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While ...

4.3CVSS6.6AI score0.00572EPSS
Exploits0References3
CVE
CVE
added 2023/06/09 5:33 a.m.70 views

CVE-2023-0291

CVE-2023-0291 affects the WordPress plugin Quiz And Survey Master (versions up to and including 8.0.8). The issue is a missing capability check in the function tied to the qsm_remove_file_fd_question AJAX action, enabling unauthenticated attackers to delete arbitrary media files. Connected source...

9.1CVSS9AI score0.02034EPSS
Exploits5References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.10 views

CVE-2023-2084

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

4.3CVSS6.5AI score0.00513EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.4 views

PT-2023-20168 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to edit an arbitrary custom drop-down currency...

4.3CVSS5.5AI score0.00409EPSS
Exploits0References4
Rows per page
Query Builder