CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31275 – WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
https://notcve.org/view.php?id=CVE-2024-31275
05 Apr 2024 — The EventPrime plugin for WordPress is vulnerable to booking price manipulations due to insufficient validation and control of booking prices in versions up to, and including, 3.3.4. • https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-4-booking-price-manipulation-vulnerability? • CWE-472: External Control of Assumed-Immutable Web Parameter CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31284 – WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31284
05 Apr 2024 — The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_calendly_data() function in versions up to, and including, 3.9.8. • https://patchstack.com/database/vulnerability/embedpress/wordpress-embedpress-plugin-3-9-8-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31283 – WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31283
05 Apr 2024 — The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ~/include/customizer/customizer-admin.php file in versions up to, and including, 1.6.2. • https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-6-2-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2086 – Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export
https://notcve.org/view.php?id=CVE-2024-2086
29 Mar 2024 — The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX in all versions up to, and including, 1.3.8. ... El complemento Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordP... • https://plugins.trac.wordpress.org/changeset/3051452/integrate-google-drive/tags/1.3.9/includes/class-ajax.php • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30529 – WordPress Tainacan plugin <= 0.20.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30529
29 Mar 2024 — The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. • https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-7-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30533 – WordPress Layouts for Elementor plugin < 1.8 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-30533
29 Mar 2024 — Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Techeshta Layouts for Elementor de WordPress. ... The Layouts for Elementor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the handle_import() function in all versions up to, and including, 1.7. • https://patchstack.com/database/vulnerability/layouts-for-elementor/wordpress-layouts-for-elementor-plugin-1-8-arbitrary-file-upload-vulnerability? • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30534 – WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30534
29 Mar 2024 — The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. • https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-5-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30538 – WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30538
29 Mar 2024 — The DELUCKS SEO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_reason() function in versions up to, and including, 2.5.4. • https://patchstack.com/database/vulnerability/delucks-seo/wordpress-delucks-seo-plugin-2-5-4-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30539 – WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30539
29 Mar 2024 — The Awesome Support plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 6.1.7. • https://patchstack.com/database/vulnerability/awesome-support/wordpress-awesome-support-plugin-6-1-7-broken-access-control-vulnerability? • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30544 – WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30544
29 Mar 2024 — The Whizzy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.18. • https://patchstack.com/database/vulnerability/whizzy/wordpress-whizzy-plugin-1-1-18-broken-access-control-vulnerability? • CWE-862: Missing Authorization •