CVE-2023-27428
CVE-2023-27428 affects the WordPress WP users media plugin, versions ≤ 4.2.3, due to missing authorization/broken access control. Technical details in connected docs cite a Missing Authorization/CSRF issue on wpusme_save_settings, enabling unauthorized settings modification for affected users. No pa...
CVE-2023-28689
CVE-2023-28689: WordPress plugin JS Job Manager (versions
CVE-2023-29239
LuckyWP Scripts Control (WordPress plugin)
CVE-2023-30870
CVE-2023-30870: Vulnerability in the WordPress plugin Sharkdropship for AliExpress Dropship and Affiliate (versions
CVE-2023-32117
CVE-2023-32117 affects the WordPress plugin Integrate Google Drive (versions n/a–1.1.99). The root cause is Missing Authorization due to missing capability checks on REST API endpoints, enabling unauthenticated attackers to perform operations (move files, create folders, copy details, etc.). The ...
CVE-2023-32299
CVE-2023-32299 affects the WordPress plugin Ni WooCommerce Sales Report up to version 3.7.3, due to Missing Authorization / Broken Access Control. Attackers with subscriber-level privileges could exploit an improperly enforced access control to view sales data. The v...
CVE-2023-47698
CVE-2023-47698 affects the WordPress plugin Japanized For WooCommerce (woocommerce-for-japan) ≤ 2.6.4, due to Missing/Incorrectly configured Authorization (Broken Access Control). Unauthenticated attackers could exploit this; CVSS v3.1 base score 8.6 (HIGH). Patch 2.6.5 fixes the issue. Remediation: ...
CVE-2023-47756
CVE-2023-47756 is a Missing Authorization (Broken Access Control) vulnerability in the Welcome Email Editor WordPress plugin. Affected versions are
CVE-2023-47760
CVE-2023-47760 affects WordPress WPDeveloper Essential Blocks for Gutenberg. The vulnerability is a Missing Authorization/Broken Access Control issue in Essential Blocks for Gutenberg versions
CVE-2023-47761
CVE-2023-47761 affects the WordPress plugin Simple 301 Redirects by BetterLinks. Public details confirm a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.0.7, allowing unauthorized access under configured access control levels. The vulnerability arise...
CVE-2023-47762
CVE-2023-47762 affects the WordPress BetterDocs plugin up to version 2.5.2, due to Missing Authorization via AJAX actions. Impact: unauthorized modification of documents for authenticated users with subscriber+ privileges (per Patchstack). Mitigation: upgrade to version 2.5.3 or later where fix is ap...
CVE-2023-47763
CVE-2023-47763: WordPress plugin WP Custom Admin Interface (
CVE-2023-47776
CVE-2023-47776 affects the WordPress plugin miniorange otp verification (versions
CVE-2023-47793
CVE-2023-47793 affects the WordPress plugin Acme Fix Images. The vulnerability arises from missing authorization in the acme_fix_images_ajax_callback, enabling an authenticated user with at least subscriber-level access to resize images due to broken access control. Affected versions are
CVE-2023-47822
CVE-2023-47822: WordPress plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar has a Missing/Broken Access Control vulnerability. Affected versions are
CVE-2023-47823
CVE-2023-47823 is a WordPress FormCraft vulnerability described as a Missing Authorization/broken access control issue in FormCraft
CVE-2023-47826
CVE-2023-47826 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the Restaurant & Cafe Addon for Elementor (WordPress) up to version 1.5.3. Unauthenticated attackers could modify data via multiple AJAX functions. Fixed in 1.5.4. Affected product/version: Restaurant &...
CVE-2023-47830
CVE-2023-47830 is a WordPress plugin vulnerability in Live Preview for Contact Form 7, affecting versions
CVE-2023-47832
CVE-2023-47832 affects the WordPress SearchIQ plugin (versions
CVE-2023-47836
CVE-2023-47836 affects the WP Meta and Date Remover plugin for WordPress, specifically versions