Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2022-4972 Missing Authorization vulnerability in Wpchill Download Monitor
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51.
network
low complexity
wpchill CWE-862
7.5
2024-10-16 CVE-2022-4973 Cross-site Scripting vulnerability in Wordpress
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically Authors, Contributors, and Editors. This makes it possible to inject arbitrary web scripts into posts and pages that execute if the the_meta(); function is called on that page.
network
low complexity
wordpress CWE-79
5.4
2024-10-16 CVE-2022-4974 The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and _set_db_option functions in versions up to, and including, 2.4.2.
network
low complexity
CWE-862
6.3
2024-10-16 CVE-2023-7286 The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2.
network
low complexity
CWE-639
6.5
2024-10-16 CVE-2023-7287 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
5.4
2024-10-16 CVE-2023-7288 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
4.3
2024-10-16 CVE-2023-7289 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
4.3
2024-10-16 CVE-2023-7290 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
4.3
2024-10-16 CVE-2023-7291 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
8.1
2024-10-16 CVE-2023-7292 Missing Authorization vulnerability in Paytium
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7.
network
low complexity
paytium CWE-862
4.3