WordPress ImagePress plugin <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by 家桥 王 in WordPress Plugin ImagePress versions = 1.2.2...

CVE-2024-9778

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVE-2024-9860

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

CVE-2024-9860 Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'importaction' and 'installpluginperdemo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with...

PT-2024-39836 · WordPress · Imagepress

Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...

CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxlinkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plug...

WordPress Linkz.ai plugin <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by István Márton in WordPress Plugin Linkz.ai versions = 1.1.8...

CVE-2024-8513

The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsavepluginconfig function in all versions up to, and including, 4.1.0.0. This makes it possibl...

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

CVE-2024-8197

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-7859. Reason: This candidate is a reservation duplicate of CVE-2024-7859. Notes: All CVE users should reference CVE-2024-7859 instead of this candidate. All references and descriptions in this candidate have been remov...

CVE-2024-6631

CVE-2024-6631 affects the ImageRecycle pdf & image compression WordPress plugin (versions

CVE-2024-8120

CVE-2024-8120 affects ImageRecycle pdf & image compression (WordPress plugin)

CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...

CVE-2024-6883

Summary of CVE-2024-6883 : The Event Espresso 4 Decaf – Event Registration & Ticketing plugin for WordPress contains a vulnerability due to a missing capability check on saveTimezoneString (and related functions) that enables authenticated attackers with Subscriber-level access and above to modif...

WordPress Event Espresso 4 Decaf plugin < 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification vulnerability

Authenticated Subscriber+ Missing Authorization to Limited Plugin Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Event Espresso 4 Decaf versions 5.0.22.decaf...

WordPress plugin Event Espresso 4 Decaf 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A security vulnerability...

CVE-2024-43250 WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Plugin Settings Change vulnerability

Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4...

CVE-2024-7621

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processwpfeedbackmiscoptions function in all versions up to, and including, 4.0.2. This makes it possible for...