Lucene search
+L

93 matches found

redhatcve
redhatcve
added 2025/05/23 4:33 a.m.16 views

CVE-2023-6009

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify...

8.8CVSS6.7AI score0.00923EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/23 3:21 a.m.19 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

8.8CVSS6.4AI score0.00276EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:15 a.m.24 views

CVE-2023-3636

The WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'saveusersmapname' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modif...

8.8CVSS6.7AI score0.00689EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 1:53 a.m.12 views

CVE-2023-2833

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rxsetscreenoptions' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their...

8.8CVSS6.7AI score0.1748EPSS
Exploits4References1
redhatcve
redhatcve
added 2025/05/22 4:10 a.m.10 views

CVE-2019-0301

Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing...

8.8CVSS7AI score0.01131EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/05 1:1 a.m.26 views

CVE-2025-47245

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...

8.1CVSS6.8AI score0.0042EPSS
Exploits0References1
nvd
nvd
added 2025/05/04 12:15 a.m.45 views

CVE-2025-47245

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...

8.1CVSS0.0042EPSS
Exploits0References3
cve
cve
added 2025/05/03 12:0 a.m.84 views

CVE-2025-47245

CVE-2025-47245 affects BlueWave Checkmate up to version 2.0.2 before commit d4a6072, where an invite request can be modified to specify a privileged role. The issue is documented across multiple feeds (NVD, Red Hat, OSV, NVD enrichments) with a high impact and CVSS 3.1 base score of 8.1 (CONF/INT...

8.1CVSS7AI score0.0042EPSS
Exploits0References3
cvelist
cvelist
added 2025/05/03 12:0 a.m.31 views

CVE-2025-47245

In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role...

8.1CVSS0.0042EPSS
Exploits0References3
cve
cve
added 2025/04/26 6:0 a.m.141 views

CVE-2025-2907

The CVE-2025-2907 issue affects the WordPress plugin Order Delivery Date Pro for WooCommerce (versions before 12.3.1). The root cause is missing authorization and CSRF checks when importing settings, allowing an unauthenticated attacker to update arbitrary options such as default_user_role to adm...

9.8CVSS7AI score0.01286EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10275 Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

7.3CVSS7.3AI score0.00469EPSS
Exploits1References2
cvelist
cvelist
added 2025/03/20 10:9 a.m.9 views

CVE-2024-10275 Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

7.3CVSS0.00469EPSS
Exploits1References2
nvd
nvd
added 2025/02/28 12:15 a.m.16 views

CVE-2025-1682

The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'savesettings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user ro...

8.8CVSS0.00531EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/02/27 11:22 p.m.5 views

CVE-2025-1682 Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation

The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'savesettings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user ro...

8.8CVSS8.6AI score0.00531EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 8:23 p.m.16 views

CVE-2022-4939

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wpajaxnoprivwcfmajaxcontroller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to...

9.8CVSS6.8AI score0.02099EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 12:17 a.m.11 views

CVE-2024-4870

The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify...

7.2CVSS6.8AI score0.00466EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/10/29 12:0 a.m.6 views

PT-2024-15969 · WordPress · Masteriyo - Lms

Name of the Vulnerable Software and Affected Versions: Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress versions up to, and including, 1.13.3 Description: The issue is related to missing authorization checks on the "/wp-json/masteriyo/v1/users/$id" REST API...

8.8CVSS6.3AI score0.00623EPSS
Exploits0References10
huntr
huntr
added 2024/10/19 9:6 a.m.8 views

Improper Role Modification by Admins for Billing Permissions

Description Admins, who do not have direct permissions to access billing resources, are able to change the permissions of existing users to have billing permissions. This can lead to a privilege escalation scenario where an administrator can: 1. Change the role of an existing user to include...

7.3CVSS7.7AI score0.00469EPSS
Exploits1
cvelist
cvelist
added 2024/06/04 2:0 a.m.33 views

CVE-2024-4870 Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation

The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify...

7.2CVSS6.9AI score0.00466EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2023/11/23 12:0 a.m.37 views

UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation

Description The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

8.8CVSS7AI score0.00923EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder