2946 matches found
PT-2023-23266 · WordPress · B2Bking
Name of the Vulnerable Software and Affected Versions: B2BKing plugin for WordPress versions up to, and including, 4.6.00 Description: The issue allows authenticated attackers with subscriber or customer-level permissions to modify the pricing of any product on the site due to a missing capabilit...
PT-2023-12490 · WordPress · Woocommerce Multi Currency
Name of the Vulnerable Software and Affected Versions: WooCommerce Multi Currency plugin for WordPress versions up to, and including, 2.1.17 Description: The issue is related to authorization bypass due to a missing capability check on the wmc bulk fixed price function. This allows authenticated...
PT-2023-12442 · WordPress · Ulisting
Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file. This affects the...
CVE-2023-2415
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attacker...
CVE-2023-2299
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction...
CVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...
PT-2023-19526 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages plugin for WordPress versions up to, and including, 3.2.3 Description: The issue is related to a missing capability check on the reset function, which allows authenticated attackers with editor-level permissions and above to rese...
UBUNTU-CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2023-2716
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-2715
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
CVE-2023-2716
The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajaxuploadfile' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access...
CVE-2023-2714
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-2714
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-2714 Groundhogg <= 2.7.9.8 - Missing Authorization to Update License
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation
The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...
PT-2023-20975 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to a missing capability check on the submit ticket function, allowing authenticated attackers to create a support ticket that sends the...