CVE-2024-13703 CRM and Lead Management by vcita <= 2.7.5 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitaajaxtoggleae function in all versions up to, and including, 2.7.5. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress CRM and Lead Management by vcita plugin <= 2.7.1 - Missing Authorization to Authenticated (Susbcriber+) Widget Toggle vulnerability

Missing Authorization to Authenticated Susbcriber+ Widget Toggle vulnerability discovered by yudha in WordPress Plugin CRM and Lead Management by vcita versions = 2.7.5...

WordPress Contact Form and Calls To Action by vcita plugin <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Toggle vulnerability

Missing Authorization to Authenticated Subscriber+ Contact/Widget Toggle vulnerability discovered by yudha in WordPress Plugin Contact Form and Calls To Action by vcita versions = 2.7.1...

CVE-2023-2189

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...