CVE-2023-37999 – WordPress HT Mega Absolute Addons for Elementor plugin <= 2.2.0 - Unauthenticated Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-37999
Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0. The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the reg_role parameter on the htmega_ajax_register function. • https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management • CWE-862: Missing Authorization
CVE-2023-31080 – WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-31080
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the extensive functions throughout the plugin in versions up to, and including, 1.5.65. This makes it possible for authenticated attackers, with contributor-level access and above, to perform a plethora of unauthorized actions such as updating/deleting/modifying addons and modifying various settings. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-65-multiple-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-35050 – WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-35050
Missing Authorization vulnerability in Elementor Elementor Pro. This issue affects Elementor Pro: from n/a through 3.13.0. The Elementor Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.13.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions like modifying screenshots, • https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-13-0-subscriber-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-35046 – Dynamic Visibility for Elementor <= 5.0.5 - Missing Authorization to Authenticated(Subscriber+) Post Visibility Modification
https://notcve.org/view.php?id=CVE-2023-35046
The Dynamic Visibility for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dce_visibility_toggle' function in versions up to, and including, 5.0.5. This makes it possible for authenticated attackers with subscriber-level permissions or above to modify the visibility of posts. • CWE-862: Missing Authorization
CVE-2023-31090 – WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability
https://notcve.org/view.php?id=CVE-2023-31090
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60. The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files within zip files in the File Manager functionality in versions up to, and including, 1.5.60. This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/unlimited-elements-for-elementor/wordpress-unlimited-elements-for-elementor-plugin-1-5-60-unrestricted-zip-extraction-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type