Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46083 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27.
|
|||||
| CVE-2023-46082 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through 2.4.2.
|
|||||
| CVE-2023-46080 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3.
|
|||||
| CVE-2023-46079 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9.
|
|||||
| CVE-2023-46073 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through 2.0.5.1.
|
|||||
| CVE-2023-45828 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5.
|
|||||
| CVE-2023-45649 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23.
|
|||||
| CVE-2023-45636 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1.
|
|||||
| CVE-2023-45275 | 2025-01-02 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28.
|
|||||
| CVE-2023-45271 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in WowStore Team ProductX – Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProductX – Gutenberg WooCommerce Blocks: from n/a through 2.7.8.
|
|||||
| CVE-2023-45110 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9.
|
|||||
| CVE-2023-45061 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1.
|
|||||
| CVE-2023-45045 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through 1.2.5.
|
|||||
| CVE-2023-45002 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8.
|
|||||
| CVE-2023-44988 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32.
|
|||||
| CVE-2023-47874 | 1 Perfmatters | 1 Perfmatters | 2024-12-31 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
|
|||||
| CVE-2024-1318 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2024-12-31 | N/A | 6.5 MEDIUM |
|
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publ ...
Show More |
|||||
| CVE-2024-56070 | 2024-12-31 | N/A | 7.4 HIGH | ||
|
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.
|
|||||
| CVE-2024-56066 | 2024-12-31 | N/A | 9.8 CRITICAL | ||
|
Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23.
|
|||||
| CVE-2024-56061 | 2024-12-31 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119.
|
|||||
| CVE-2024-56002 | 2024-12-31 | N/A | 6.4 MEDIUM | ||
|
Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder – MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Builder – MightyForms: from n/a through 1.3.9.
|
|||||
| CVE-2024-55995 | 2024-12-31 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7.
|
|||||
| CVE-2024-51667 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in David de Boer Paytium.This issue affects Paytium: from n/a through 4.4.10.
|
|||||
| CVE-2024-49698 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.2.
|
|||||
| CVE-2024-49694 | 2024-12-31 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in imw3 My Wp Brand – Hide menu & Hide Plugin.This issue affects My Wp Brand – Hide menu & Hide Plugin: from n/a through 1.1.2.
|
|||||
| CVE-2024-49687 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in StoreApps Smart Manager.This issue affects Smart Manager: from n/a through 8.45.0.
|
|||||
| CVE-2024-49686 | 2024-12-31 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4.
|
|||||
| CVE-2024-56067 | 2024-12-31 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3.
|
|||||
| CVE-2024-56031 | 2024-12-31 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through 1.0.2.
|
|||||
| CVE-2024-55991 | 2024-12-31 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1.
|
|||||
| CVE-2023-50850 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
|
|||||
| CVE-2023-48775 | 2024-12-31 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2.
|
|||||
| CVE-2024-56234 | 2024-12-31 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1.
|
|||||
| CVE-2024-56219 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1.
|
|||||
| CVE-2024-56215 | 2024-12-31 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0.
|
|||||
| CVE-2024-56211 | 2024-12-31 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9.
|
|||||
| CVE-2023-35149 | 1 Jenkins | 1 Digital.ai App Management Publisher | 2024-12-30 | N/A | 6.5 MEDIUM |
|
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
|
|||||
| CVE-2024-0984 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-12-27 | N/A | 4.3 MEDIUM |
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.
|
|||||
| CVE-2024-0983 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-12-27 | N/A | 4.3 MEDIUM |
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.
|
|||||
| CVE-2024-1091 | 1 Imagerecycle | 1 Imagerecycle Pdf \& Image Compression | 2024-12-27 | N/A | 4.3 MEDIUM |
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.
|
|||||