77 matches found
WordPress Xpro Elementor Addons plugin <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability
Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Xpro Elementor Addons versions = 1.4.6.2...
WordPress Duplicate Post, Page and Any Custom Post plugin <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability
Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Duplicate Post, Page and Any Custom Post versions = 3.5.5...
WordPress Button Block plugin <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability
Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Button Block versions = 1.1.5...
WordPress Themify Builder plugin <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication vulnerability
Missing Authorization to Authenticated Contributor+ Post Duplication vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Builder versions = 7.6.1...
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...
WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability
Subscriber+ Arbitrary Post/Page Duplication vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Toolkit Pro for LearnDash versions 4.1.4.1...
CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...
WordPress Mollie Forms plugin <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication vulnerability
Cross-Site Request Forgery to Arbitrary Post Duplication vulnerability discovered by Lucio Sá in WordPress Plugin Mollie Forms versions = 2.6.13...
CVE-2024-4199 Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
CVE-2024-4199
CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...
PT-2024-29678 · WordPress · Bulk Posts Editing For Wordpress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3 Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...
CVE-2024-33914 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1...
CVE-2024-33914 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability
Broken Access Control on Post Duplication vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.1...
PT-2024-18189 · WordPress · Accordion
Name of the Vulnerable Software and Affected Versions: Accordion plugin for WordPress versions up to and including 2.2.96 Description: The issue allows authenticated attackers with contributor access and above to access and modify data due to a missing capability check on the accordions duplicate...
WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability
Author+ Post/Page Duplication vulnerability discovered by movrment in WordPress Plugin PostX versions = 3.2.3...
Accordion < 2.2.97 - Missing Authorization to Authenticated(Contributor+) Post Duplication
Description The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...
PT-2024-18011 · WordPress · Mollie Forms
Name of the Vulnerable Software and Affected Versions: Mollie Forms plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to a missing capability check on the duplicateForm function, allowing authenticated attackers with subscriber access or higher to duplica...
Mollie Forms < 2.6.4 - Missing Authorization to Arbitrary Post Duplication
Description The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or highe...