837 matches found

NVD
added 2024/08/27 11:15 a.m. · 11 views

CVE-2024-8197

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-7859. Reason: This candidate is a reservation duplicate of CVE-2024-7859. Notes: All CVE users should reference CVE-2024-7859 instead of this candidate. All references and descriptions in this candidate have been remov...

Exploits 0

CVE
added 2024/08/24 2:32 a.m. · 47 views

CVE-2024-6631

CVE-2024-6631 affects the ImageRecycle pdf & image compression WordPress plugin (versions

5 CVSS · 4.9 AI score · 0.00133 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/08/24 2:32 a.m. · 47 views

CVE-2024-8120

CVE-2024-8120 affects ImageRecycle pdf & image compression (WordPress plugin)

4.7 CVSS · 4.5 AI score · 0.00175 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/08/21 5:30 a.m. · 15 views

CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf - Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...

4.3 CVSS · 0.00246 EPSS
Exploits 0 · References 2

CVE
added 2024/08/21 5:30 a.m. · 43 views

CVE-2024-6883

Summary of CVE-2024-6883: The Event Espresso 4 Decaf – Event Registration & Ticketing plugin for WordPress contains a vulnerability due to a missing capability check on saveTimezoneString (and related functions) that enables authenticated attackers with Subscriber-level access and above to modif...

4.3 CVSS · 5.8 AI score · 0.00246 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/08/21 1:33 a.m. · 2 views

WordPress Event Espresso 4 Decaf plugin < 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification vulnerability

Authenticated Subscriber+ Missing Authorization to Limited Plugin Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Event Espresso 4 Decaf versions 5.0.22.decaf...

4.3 CVSS · 7 AI score · 0.00246 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/21 12:0 a.m. · 1 view

WordPress plugin Event Espresso 4 Decaf security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A security vulnerability...

4.3 CVSS · 6.5 AI score · 0.00246 EPSS
Exploits 0 · References 3

Cvelist
added 2024/08/19 5:21 p.m. · 16 views

CVE-2024-43250 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bit Form Pro: from n/a through 2.6.4...

7.1 CVSS · 0.00126 EPSS
Exploits 0 · References 1

NVD
added 2024/08/12 1:38 p.m. · 13 views

CVE-2024-7621

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processwpfeedbackmiscoptions function in all versions up to, and including, 4.0.2. This makes it possible for...

5.4 CVSS · 0.0022 EPSS
Exploits 0 · References 3

NVD
added 2024/08/12 1:38 p.m. · 9 views

CVE-2024-7574

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

6.1 CVSS · 0.00168 EPSS
Exploits 0 · References 2

Cvelist
added 2024/08/05 6:0 a.m. · 20 views

CVE-2024-3636 Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS

The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

0.00388 EPSS
Exploits 1 · References 1

NVD
added 2024/08/03 9:15 a.m. · 15 views

CVE-2024-7031

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

8.8 CVSS · 0.00735 EPSS
Exploits 0 · References 4

Cvelist
added 2024/08/03 8:36 a.m. · 15 views

CVE-2024-7031 File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'njt_fs_saveSettingRestrictions' function in all versions up to, and including, 1.8.2. This makes it possible for authenticated attackers, with a role tha...

7.5 CVSS · 0.00735 EPSS
Exploits 0 · References 3

CVE
added 2024/08/03 8:36 a.m. · 34 views

CVE-2024-7031

The CVE-2024-7031 entry concerns the WordPress File Manager Pro – Filester plugin. A missing capability check in njt_fs_saveSettingRestrictions allows authenticated users, granted permissions by an Administrator, to modify plugin settings related to user role restrictions and uploads (e.g., enabl...

8.8 CVSS · 7.3 AI score · 0.00735 EPSS
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2024/08/02 12:0 a.m. · 1 view

WordPress plugin Forminator security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS · 5.9 AI score · 0.02841 EPSS
Exploits 1 · References 5

Positive Technologies
added 2024/07/24 12:0 a.m. · 1 view

PT-2024-37895 · Funnelkit · The Funnel Builder For Wordpress

Name of the Vulnerable Software and Affected Versions: The Funnel Builder for WordPress by FunnelKit versions up to, and including, 3.4.6 Description: The issue allows authenticated attackers with Contributor-level access and above to update multiple settings due to a missing capability check on...

4.3 CVSS · 6.7 AI score · 0.00273 EPSS
Exploits 0 · References 7

NVD
added 2024/07/20 2:15 a.m. · 9 views

CVE-2024-5804

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cfadmininit function. This makes it possible for unauthenticated attackers to reset...

4.3 CVSS · 0.00139 EPSS
Exploits 0 · References 3

CVE
added 2024/07/16 9:32 a.m. · 44 views

CVE-2024-6579

CVE-2024-6579 affects the Web and WooCommerce Addons for WPBakery Builder plugin for WordPress. The vulnerability arises from a missing capability check in several plugin functions, allowing authenticated attackers with Subscriber-level access and above to modify plugin settings. Affected version...

4.3 CVSS · 4.7 AI score · 0.00147 EPSS
Exploits 0 · References 4

Cvelist
added 2024/07/16 9:32 a.m. · 17 views

CVE-2024-6579 Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

4.3 CVSS · 0.00147 EPSS
Exploits 0 · References 4

CNNVD
added 2024/07/13 12:0 a.m. · 1 view

WordPress plugin WP QuickLaTeX security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.1 CVSS · 6.1 AI score · 0.00317 EPSS
Exploits 1 · References 2