Lucene search
K

2946 matches found

Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.11 views

PT-2023-23266 · WordPress · B2Bking

Name of the Vulnerable Software and Affected Versions: B2BKing plugin for WordPress versions up to, and including, 4.6.00 Description: The issue allows authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site due to a missing capabilit...

6.5CVSS6.8AI score0.0074EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.8 views

PT-2023-12490 · WordPress · Woocommerce Multi Currency

Name of the Vulnerable Software and Affected Versions: WooCommerce Multi Currency plugin for WordPress versions up to, and including, 2.1.17 Description: The issue is related to authorization bypass due to a missing capability check on the wmc bulk fixed price function. This allows authenticated...

6.5CVSS6.2AI score0.00802EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-12442 · WordPress · Ulisting

Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file. This affects the...

7.5CVSS5.2AI score0.00946EPSS
Exploits1References5
OSV
OSV
added 2023/06/03 5:15 a.m.4 views

CVE-2023-2415

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...

5.4CVSS6.7AI score0.00698EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/06/03 5:15 a.m.2 views

CVE-2023-2299

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction...

5.3CVSS7.2AI score0.00645EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/05/31 4:15 a.m.3 views

CVE-2023-2434

The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...

3.8CVSS6.7AI score0.00668EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/05/31 3:15 a.m.3 views

CVE-2023-2547

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...

5.4CVSS6.8AI score0.00442EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/05/31 3:15 a.m.3 views

CVE-2023-2545

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.2AI score0.00714EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/31 2:40 a.m.9 views

CVE-2023-2547

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...

5.4CVSS5.2AI score0.00442EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.6 views

PT-2023-19526 · WordPress · Nested Pages

Name of the Vulnerable Software and Affected Versions: Nested Pages plugin for WordPress versions up to, and including, 3.2.3 Description: The issue is related to a missing capability check on the reset function, which allows authenticated attackers with editor-level permissions and above to rese...

3.8CVSS5.1AI score0.00668EPSS
Exploits0References7
OSV
OSV
added 2023/05/26 5:15 p.m.5 views

UBUNTU-CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

6.8CVSS6.6AI score0.0147EPSS
Exploits2References22
Cvelist
Cvelist
added 2023/05/26 12:0 a.m.21 views

CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

7.1AI score0.0147EPSS
Exploits2References5
OSV
OSV
added 2023/05/20 3:15 a.m.4 views

CVE-2023-2716

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...

5.4CVSS7.3AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2023/05/20 3:15 a.m.5 views

CVE-2023-2715

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3CVSS6.6AI score0.00561EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/05/20 3:15 a.m.7 views

CVE-2023-2716

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...

5.4CVSS6.8AI score0.00467EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/05/20 3:15 a.m.3 views

CVE-2023-2714

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.7AI score0.00528EPSS
Exploits0References5
OSV
OSV
added 2023/05/20 3:15 a.m.7 views

CVE-2023-2714

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS5.8AI score0.00528EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/05/20 2:3 a.m.27 views

CVE-2023-2714 Groundhogg <= 2.7.9.8 - Missing Authorization to Update License

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS4.6AI score0.00528EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/05/20 2:3 a.m.8 views

CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3CVSS6.6AI score0.00561EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.6 views

PT-2023-20975 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to a missing capability check on the submit ticket function, allowing authenticated attackers to create a support ticket that sends the...

4.3CVSS5.3AI score0.00561EPSS
Exploits0References7
Rows per page
Query Builder