
837 matches found

Patchstack
added 2024/11/08 10:26 p.m. · 3 views

WordPress CE21 Suite plugin <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change vulnerability

Missing Authorization to Unauthenticated Plugin Settings Change vulnerability discovered by István Márton in WordPress Plugin CE21 Suite versions <= 2.2.0...

CVSS 7.5 · AI score 7 · EPSS 0.00323
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/11/01 2:18 p.m. · 13 views

CVE-2024-37106 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Plugin Settings Change Leading to Stored XSS vulnerability

Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WishList Member X: from n/a through 3.26.6...

CVSS 8.2 · EPSS 0.00292
Exploits 0 · References 1
Vulnrichment
added 2024/11/01 2:18 p.m. · 12 views

CVE-2024-37106 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Plugin Settings Change Leading to Stored XSS vulnerability

Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WishList Member X: from n/a through 3.26.6...

CVSS 8.2 · AI score 6.9 · EPSS 0.00292
Exploits 0 · References 1
NVD
added 2024/10/31 7:15 a.m. · 7 views

CVE-2024-9434

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · EPSS 0.00479
Exploits 0 · References 2
Vulnrichment
added 2024/10/31 6:48 a.m. · 8 views

CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · AI score 6.4 · EPSS 0.00479
Exploits 0 · References 2
Cvelist
added 2024/10/31 6:48 a.m. · 16 views

CVE-2024-9434 WPGlobus Translate Options <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 · EPSS 0.00479
Exploits 0 · References 2
Cvelist
added 2024/10/18 4:32 a.m. · 13 views

CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete functions. This makes it possible for unauthenticated attackers to mak...

CVSS 5.3 · EPSS 0.00116
Exploits 0 · References 3
NVD
added 2024/10/16 7:15 a.m. · 17 views

CVE-2023-7288

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 5.4 · EPSS 0.00155
Exploits 0 · References 2
CVE
added 2024/10/16 6:43 a.m. · 39 views

CVE-2023-7288

The Paytium: Mollie payment forms & donations WordPress plugin is affected up to version 4.3.7 due to a missing capability check in update_profile_preference. This allows authenticated users with subscriber-level access to modify plugin settings, potentially impacting data integrity. Remediation:...

CVSS 5.4 · AI score 4.5 · EPSS 0.00155
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/10/14 12:23 a.m. · 3 views

WordPress ImagePress plugin <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 家桥 王 in WordPress Plugin ImagePress versions <= 1.2.2...

CVSS 4.8 · AI score 5.8 · EPSS 0.0021
Exploits 0 · References 1 · Affected Software 1
NVD
added 2024/10/12 6:15 a.m. · 9 views

CVE-2024-9778

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 · EPSS 0.00102
Exploits 0 · References 7
Cvelist
added 2024/10/12 5:39 a.m. · 19 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 · EPSS 0.00102
Exploits 0 · References 7
Vulnrichment
added 2024/10/12 5:39 a.m. · 9 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 · AI score 6.5 · EPSS 0.00102
Exploits 0 · References 7
NVD
added 2024/10/12 3:15 a.m. · 8 views

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVSS 5.4 · EPSS 0.00072
Exploits 0 · References 2
Vulnrichment
added 2024/10/12 2:05 a.m. · 9 views

CVE-2024-9860 Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVSS 6.5 · AI score 6.7 · EPSS 0.00072
Exploits 0 · References 2
Positive Technologies
added 2024/10/12 12:00 a.m. · 3 views

PT-2024-39836 · WordPress · Imagepress

Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...

CVSS 4.3 · AI score 6.5 · EPSS 0.00102
Exploits 0 · References 12
Vulnrichment
added 2024/10/11 5:33 a.m. · 8 views

CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxlinkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plug...

CVSS 5.4 · AI score 6.5 · EPSS 0.00052
Exploits 0 · References 3
Patchstack
added 2024/10/10 5:15 p.m. · 2 views

WordPress Linkz.ai plugin <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by István Márton in WordPress Plugin Linkz.ai versions <= 1.1.8...

CVSS 6.5 · AI score 7 · EPSS 0.00117
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/10/10 2:15 a.m. · 1 views

CVE-2024-8513

The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsavepluginconfig function in all versions up to, and including, 4.1.0.0. This makes it possibl...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2
OSV
added 2024/09/25 3:15 a.m. · 2 views

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVSS 4.3 · AI score 5.8 · EPSS 0.00232
Exploits 0 · References 5