21408 matches found
MiracleLinux 8 : postgresql:16 (AXSA:2024-8740:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8740:01 advisory. postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks CVE-2024-4317 postgresql: PostgreSQL relation replacement during...
MiracleLinux 7 : rh-postgresql10-postgresql-10.12-2.el7 (AXSA:2020-4528:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4528:01 advisory. PostgreSQL: stack-based buffer overflow via setting a password CVE-2019-10164 PostgreSQL: ALTER ... DEPENDS ON EXTENSION is missing authorization...
CVE-2025-15466 Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with...
CVE-2025-15466
CVE-2025-15466 refers to the WordPress plugin Image Photo Gallery Final Tiles Grid (Lite) with a vulnerability caused by missing capability checks on multiple AJAX actions, affecting all versions up to and including 3.6.9. The issue enables authenticated attackers with Contributor-level access or...
CVE-2025-14078
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true ...
EUVD-2026-3140
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true ...
CVE-2025-14982
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...
CVE-2025-12168 Phrase TMS Integration for WordPress <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...
CVE-2025-14029 Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...
CVE-2025-14029
CVE-2025-14029 affects the WordPress plugin Community Events (versions up to and including 1.5.6). The issue is a missing capability check in ajax_admin_event_approval(), allowing unauthenticated attackers to approve arbitrary events via the eventlist parameter. Wordfence notes this vulnerability...
CVE-2025-14450
CVE-2025-14450 affects Wallet System for WooCommerce (WordPress), where a missing capability check in change_wallet_fund_request_status_callback allowed authenticated users with Subscriber+ privileges to modify wallet withdrawal requests and arbitrarily alter balances in versions up to 2.7...
PT-2026-3356
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning...
WordPress Phrase TMS Integration for WordPress plugin <= 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) Log Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Phrase TMS Integration for WordPress versions <= 4.7.5...
CVE-2026-1000
The CVE-2026-1000 entry describes a data-destructive vulnerability in the MailerLite – WooCommerce integration for WordPress (versions up to 3.1.3). Root cause: missing capability checks on resetIntegration(), enabling authenticated users with Subscriber-level access or higher to modify data it s...
CVE-2026-1000 MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2025-12641
CVE-2025-12641 affects the Awesome Support – WordPress HelpDesk & Support Plugin for WordPress (versions up to 6.3.6). The vulnerability is an authorization bypass caused by missing capabilities checks in wpas_do_mr_activate_user and a nonce namespace issue that allows unauthenticated attackers t...
CVE-2025-14982 Booking Calendar <= 10.14.11 - Missing Authorization to Sensitive Information Exposure
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all booking records in the...