Lucene search

50 matches found

RedhatCVE
added 2025/02/05 10:27 a.m. | 8 views

CVE-2024-12614

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pmssavesetting' and 'postnewpass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

CVSS 7.5 | AI score 9 | EPSS 0.00375
Exploits: 0 | References: 1

Cvelist
added 2024/11/16 3:20 a.m. | 16 views

CVE-2024-11118 404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make changes to plug...

CVSS 5.3 | EPSS 0.00277
Exploits: 0 | References: 3

WPVulnDB
added 2024/11/15 12:0 a.m. | 6 views

404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function

Description: The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make...

CVSS 5.3 | AI score 6.3 | EPSS 0.00277
Exploits: 0 | References: 1

Cvelist
added 2024/10/18 4:32 a.m. | 15 views

CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...

CVSS 5.3 | EPSS 0.00242
Exploits: 0 | References: 3

Vulnrichment
added 2024/10/12 5:39 a.m. | 9 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 | AI score 6.5 | EPSS 0.00232
Exploits: 0 | References: 7

Vulnrichment
added 2024/10/11 5:33 a.m. | 8 views

CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxlinkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plug...

CVSS 5.4 | AI score 6.5 | EPSS 0.00353
Exploits: 0 | References: 3

OSV
added 2024/09/25 3:15 a.m. | 4 views

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 | AI score 5.8 | EPSS 0.00341
Exploits: 0 | References: 5

OSV
added 2024/06/08 5:15 a.m. | 4 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

CVSS 4.3 | AI score 5.8 | EPSS 0.00347
Exploits: 0 | References: 4

Cvelist
added 2024/02/21 3:36 a.m. | 18 views

CVE-2024-1562 WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...

CVSS 5.3 | AI score 5.3 | EPSS 0.00431
Exploits: 0 | References: 2

Vulnrichment
added 2023/07/12 4:38 a.m. | 8 views

CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

CVSS 4.3 | AI score 6.7 | EPSS 0.00503
Exploits: 0 | References: 3

NVD
added 2023/03/10 8:15 p.m. | 22 views

CVE-2023-1335

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

CVSS 4.3 | AI score 4.2 | EPSS 0.00548
Exploits: 0 | References: 3

Cvelist
added 2023/03/10 7:20 p.m. | 25 views

CVE-2023-1335 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

CVSS 4.3 | AI score 4.6 | EPSS 0.00548
Exploits: 0 | References: 2

WPVulnDB
added 2023/03/03 12:0 a.m. | 13 views

About Me 3000 widget <= 2.2.6 - CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 8.8 | AI score 6.7 | EPSS 0.00256
Exploits: 0 | Affected Software: 1

Cvelist
added 2022/10/25 12:0 a.m. | 25 views

CVE-2022-3097 LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...

AI score 6.7 | EPSS 0.00346
Exploits: 2 | References: 1

Patchstack
added 2022/09/01 12:0 a.m. | 16 views

WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by Rasi Afeef (Patchstack Alliance) in WordPress Captcha Code plugin (versions <= 2.7). Solution: Update the WordPress Captcha Code plugin to the latest available version (at least 2.8)...

CVSS 8.8 | AI score 4 | EPSS 0.00293
Exploits: 0 | Affected Software: 1

NVD
added 2022/04/25 5:15 p.m. | 22 views

CVE-2022-29417

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

CVSS 4.3 | EPSS 0.00595
Exploits: 0 | References: 2

Prion
added 2022/04/25 5:15 p.m. | 18 views

Code injection

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

CVSS 4 | AI score 4.5 | EPSS 0.00595
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/04/25 4:42 p.m. | 6 views

CVE-2022-29417 WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

CVSS 4.3 | AI score 4.5 | EPSS 0.00595
Exploits: 0 | References: 2

CVE
added 2022/04/25 4:42 p.m. | 77 views

CVE-2022-29417

Summary: CVE-2022-29417 affects the WordPress ShortPixel Adaptive Images plugin (versions

CVSS 4.3 | AI score 4.5 | EPSS 0.00595
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/04/25 4:42 p.m. | 29 views

CVE-2022-29417 WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

CVSS 4.3 | AI score 4.8 | EPSS 0.00595
Exploits: 0 | References: 2