3385 matches found
CVE-2023-51483
CVE-2023-51483 affects Glowlogix WP Frontend Profile for WordPress. The vulnerability is an Unauthenticated Privilege Escalation caused by Improper Privilege Management in the plugin, impacting WP Frontend Profile versions up to 1.3.1. Public disclosures in the connected documents confirm the iss...
CVE-2023-51479
CVE-2023-51479 is an authenticated privilege-escalation vulnerability in the WordPress plugin Build App Online. The issue affects versions
CVE-2023-51476
The connected data confirms CVE-2023-51476 affects the WP MLM Unilevel WordPress plugin (
CVE-2023-51424
CVE-2023-51424 affects WebinarIgnition (WordPress Webinar plugin) up to version 3.05.0. The issue is an unauthenticated privilege escalation due to improper privilege management. Public details in Wordfence/EU listings show an in-the-wild risk with a CVSS v3.1 base score of 9.8 (CRITICAL), networ...
CVE-2023-51401
Technical details (affected version, root cause, exploit vectors, and patch status) for CVE-2023-51401 are not provided in the connected documents. Monitor vendor advisories and CVE records for updates and remediation specifics.
CVE-2023-51398
CVE-2023-51398 is an authentication‑related vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder. The issue stems from improper privilege management that enables Privilege Escalation for authenticated users (Contributor+), potentially granting higher privileges than allowed. Affec...
CVE-2023-49753
CVE-2023-49753 affects the Adifier System WordPress plugin and is a Local File Inclusion vulnerability caused by improper pathname restrictions in the Adifier System before 3.1.4. The issue enables unauthenticated local file inclusion, contributing to potential code execution or sensitive data ex...
CVE-2023-48757
CVE-2023-48757 affects Crocoblock JetEngine (WordPress plugin) and enables Privilege Escalation due to Improper Privilege Management. Affected versions are JetEngine 3.2.4 and earlier; the vulnerability allows an authenticated attacker with Contributor+ privileges to escalate, as...
CVE-2023-48319
CVE-2023-48319 affects the WordPress plugin Salon booking system (salon-booking-system) up to version 8.6. It is an Improper Privilege Management vulnerability that enables Privilege Escalation for users with Editor-level access, potentially granting Administrator privileges. The issue is fixed i...
CVE-2023-47679
CVE-2023-47679 describes a Local File Inclusion (path traversal) vulnerability in the WordPress plugin Qi Addons For Elementor by QODE Interactive. Affected versions are 1.6.3 and earlier; the issue stems from improper limitation of a pathname to a restricted directory, enabling inclusion of loca...
CVE-2023-46784
CVE-2023-46784 affects WordPress ICS Calendar plugin
CVE-2023-46205
CVE-2023-46205: Local File Inclusion in the WordPress plugin Ultimate Addons for WPBakery Page Builder. Affected versions: up to 3.19.14. Root cause: improper limitation of a pathname to restricted directories (path traversal) leading to PHP Local File Inclusion. Impact (per CVE metrics): potent...
CVE-2023-46145
CVE-2023-46145 is an authenticated privilege escalation in the WordPress theme Themify Ultra. The vulnerability arises from improper privilege management in Themify Ultra versions up to and including 7.3.5, enabling a subscriber-level attacker to escalate privileges. The issue is actively documen...
CVE-2023-44478
CVE-2023-44478 is a CSRF flaw in the WordPress plugin Events Rich Snippets for Google (
CVE-2024-24873
CVE-2024-24873: Improper Control of Interaction Frequency in CodePeople CP Polls allows a polling limit bypass (flooding) in versions up to 1.0.71. A fix is available in version 1.0.72. The CVSS v3.1 base score is 5.3 (Medium), with unauthenticated access required. Public exploitation status ...
CVE-2024-24874
CVE-2024-24874 affects WordPress plugin CP Polls up to version 1.0.71, where unauthenticated content injection is possible due to insufficient validation of poll answers. The vulnerability is categorized as Content Injection with a low CVSS (5.3) and is mitigated by upgrading to version 1.0.72, w...
CVE-2024-25595
CVE-2024-25595 describes an Authentication Bypass by Spoofing in the Defender Security plugin for WordPress by WPMU DEV. Affected versions are Defender Security up to 4.4.1, with the underlying issue allowing an unauthenticated bypass of IP-based or functional protections, effectively enabling a ...
CVE-2023-41957
CVE-2023-41957 affects WordPress Simple Membership Plugin (
CVE-2023-41955
CVE-2023-41955 is an Improper Privilege Management vulnerability in the WordPress plugin Essential Addons for Elementor (WPDeveloper). The flaw enables Privilege Escalation for authenticated users (Contributor/above) across versions up to 5.8.8. The NVD entry lists a CVSS v3.1 base score of 8.8 ...
CVE-2023-41954
ProfilePress WordPress plugin