
55 matches found

NVD
added 2024/07/16 10:15 a.m. | 15 views

CVE-2024-6579

The Web and WooCommerce Addons for WPBakery Builder plugin for WordPress is vulnerable to unauthorized plugin settings modification due to a missing capability check on several plugin functions in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with...

CVSS 4.3 | EPSS 0.00362
Exploits: 0 | References: 4

NVD
added 2024/05/02 5:15 p.m. | 25 views

CVE-2024-2797

The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it possible for...

CVSS 5.3 | AI score 5.5 | EPSS 0.00504
Exploits: 0 | References: 3

Cvelist
added 2024/02/20 6:56 p.m. | 20 views

CVE-2024-1217 Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation

The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the awaitplugindeactivation function in all versions up to, and including, 2.3.41. This makes it possible for...

CVSS 7.6 | AI score 7.3 | EPSS 0.00306
Exploits: 0 | References: 2

OSV
added 2024/02/05 10:15 p.m. | 4 views

CVE-2023-6985

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

CVSS 8.8 | AI score 5.8 | EPSS 0.01365
Exploits: 1 | References: 2

Positive Technologies
added 2024/01/31 12:0 a.m. | 5 views

PT-2024-20457 · Lobe Chat · Lobe Chat

Name of the Vulnerable Software and Affected Versions: Lobe Chat versions prior to 0.122.4

Description: The issue allows access to plugins without proper authorization when the application is password-protected and deployed with the ACCESS CODE option. This means that even though the application...

CVSS 5.3 | AI score 5.2 | EPSS 0.00482
Exploits: 1 | References: 9

Positive Technologies
added 2024/01/19 12:0 a.m. | 12 views

PT-2024-15743 · WordPress · Colormag

Name of the Vulnerable Software and Affected Versions: ColorMag theme for WordPress versions up to, and including, 3.1.2

Description: The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin action callback function. This makes it...

CVSS 6.5 | AI score 6.9 | EPSS 0.01301
Exploits: 1 | References: 13

Cvelist
added 2024/01/11 8:33 a.m. | 19 views

CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...

CVSS 7.3 | AI score 7.2 | EPSS 0.00449
Exploits: 0 | References: 2

ATTACKERKB
added 2023/07/28 5:15 a.m. | 10 views

CVE-2023-0958

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handleinstallation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for authenticated attackers with...

CVSS 6.5 | AI score 6.8 | EPSS 0.00557
Exploits: 0 | References: 24

Vulnrichment
added 2023/07/12 4:38 a.m. | 10 views

CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...

CVSS 4.3 | AI score 6.7 | EPSS 0.00503
Exploits: 0 | References: 3

CVE
added 2023/07/12 4:38 a.m. | 47 views

CVE-2023-2869

CVE-2023-2869 concerns the WordPress WP-Members Membership plugin. The vulnerability arises from a missing capability check in the do_field_reorder function, allowing authenticated users with subscriber-level access to reorder form elements on login forms and thereby perform unauthorized updates ...

CVSS 4.3 | AI score 4.6 | EPSS 0.00503
Exploits: 0 | References: 3 | Affected Software: 1

wpexploit
added 2023/06/05 12:0 a.m. | 470 views

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The plugin does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site,...

CVSS 8.8 | AI score 6.8 | EPSS 0.22452
Exploits: 3

NVD
added 2023/03/10 8:15 p.m. | 25 views

CVE-2023-1335

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

CVSS 4.3 | AI score 4.2 | EPSS 0.00548
Exploits: 0 | References: 3

Cvelist
added 2023/03/10 7:20 p.m. | 26 views

CVE-2023-1335 RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect'

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access t...

CVSS 4.3 | AI score 4.6 | EPSS 0.00548
Exploits: 0 | References: 2

Patchstack
added 2021/09/20 12:0 a.m. | 12 views

WordPress Catch Gallery plugin <= 1.6.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Gallery plugin versions <= 1.6.8.

Solution: Update the WordPress Catch Gallery plugin to the latest available version at least 1.7...

CVSS 5.7 | AI score 2.9 | EPSS 0.00408
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/19 12:0 a.m. | 16 views

WordPress Catch Infinite Scroll plugin <= 1.8.1 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Infinite Scroll plugin versions <= 1.8.1.

Solution: Update the WordPress Catch Infinite Scroll plugin to the latest available version at least 1.9...

CVSS 5.7 | AI score 2.7 | EPSS 0.00408
Exploits: 2 | References: 3 | Affected Software: 1