Lucene search
+L

77 matches found

Patchstack
Patchstack
added 2025/01/07 7:59 p.m.11 views

WordPress Xpro Elementor Addons plugin <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability

Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Xpro Elementor Addons versions = 1.4.6.2...

6.5CVSS7AI score0.00355EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/06 5:7 p.m.7 views

WordPress Duplicate Post, Page and Any Custom Post plugin <= 3.5.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability

Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Duplicate Post, Page and Any Custom Post versions = 3.5.5...

4.3CVSS6.8AI score0.00322EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/12/18 10:38 p.m.11 views

WordPress Button Block plugin <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication vulnerability

Authenticated Contributor+ Post Disclosure via Post Duplication vulnerability discovered by Webbernaut in WordPress Plugin Button Block versions = 1.1.5...

6.5CVSS7AI score0.00362EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/22 5:30 a.m.7 views

WordPress Themify Builder plugin <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication vulnerability

Missing Authorization to Authenticated Contributor+ Post Duplication vulnerability discovered by Peter Thaleikis in WordPress Plugin Themify Builder versions = 7.6.1...

4.3CVSS7AI score0.0029EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/22 2:2 a.m.33 views

CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS0.0029EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/22 2:2 a.m.14 views

CVE-2024-7836 Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication

The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicatepageajaxify function in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate...

4.3CVSS6.8AI score0.0029EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/28 1:13 p.m.8 views

WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability

Subscriber+ Arbitrary Post/Page Duplication vulnerability discovered by Dave Jong Patchstack in WordPress Plugin Uncanny Toolkit Pro for LearnDash versions 4.1.4.1...

5.4CVSS7AI score0.00371EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2024/06/05 6:50 a.m.30 views

CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...

4.3CVSS4.2AI score0.00185EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/05 3:3 a.m.14 views

WordPress Mollie Forms plugin <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication vulnerability

Cross-Site Request Forgery to Arbitrary Post Duplication vulnerability discovered by Lucio Sá in WordPress Plugin Mollie Forms versions = 2.6.13...

4.3CVSS7AI score0.00185EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/15 1:56 a.m.26 views

CVE-2024-4199 Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...

4.3CVSS5AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2024/05/15 1:56 a.m.44 views

CVE-2024-4199

CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...

4.3CVSS6.2AI score0.00296EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.14 views

PT-2024-29678 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3 Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...

4.3CVSS6.5AI score0.00296EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/03 8:36 a.m.16 views

CVE-2024-33914 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1...

4.3CVSS6.9AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 8:36 a.m.27 views

CVE-2024-33914 WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1...

4.3CVSS6AI score0.00422EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/29 1:59 p.m.8 views

WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Broken Access Control on Post Duplication vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.1...

9.8CVSS7AI score0.00422EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.8 views

PT-2024-18189 · WordPress · Accordion

Name of the Vulnerable Software and Affected Versions: Accordion plugin for WordPress versions up to and including 2.2.96 Description: The issue allows authenticated attackers with contributor access and above to access and modify data due to a missing capability check on the accordions duplicate...

5.4CVSS9.3AI score0.00481EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/05 5:37 a.m.9 views

WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Author+ Post/Page Duplication vulnerability discovered by movrment in WordPress Plugin PostX versions = 3.2.3...

8.8CVSS7AI score0.00336EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.13 views

Accordion < 2.2.97 - Missing Authorization to Authenticated(Contributor+) Post Duplication

Description The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordionsduplicatepostasdraft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers,...

5.4CVSS6.5AI score0.00481EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.10 views

PT-2024-18011 · WordPress · Mollie Forms

Name of the Vulnerable Software and Affected Versions: Mollie Forms plugin for WordPress versions up to, and including, 2.6.3 Description: The issue is related to a missing capability check on the duplicateForm function, allowing authenticated attackers with subscriber access or higher to duplica...

4.3CVSS9.3AI score0.00341EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/03/11 12:0 a.m.16 views

Mollie Forms < 2.6.4 - Missing Authorization to Arbitrary Post Duplication

Description The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or highe...

4.3CVSS6.6AI score0.00341EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder