28 matches found
CVE-2025-22729 WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through 1.5.9...
CVE-2024-56048
CVE-2024-56048 affects WPLMS (WordPress LMS) up to version 1.9.9. The vulnerability is a Missing Authorization/Unauthenticated Privilege Escalation that allows updating privileged options and accessing restricted functionality, with reported exploitation in multiple disclosures. Several connected...
CVE-2023-32293 WordPress WRC Pricing Tables plugin <= 2.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WRC Pricing Tables: from n/a through 2.3.7...
CVE-2024-43297 WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5...
CVE-2024-32805 WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5...
PT-2023-16700 · WordPress · Wp Meta Seo
Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the setIgnore function. This allows unauthenticated attacker...
CVE-2022-0442 UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrite another users avatar...
CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...