Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27428 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3.
|
|||||
| CVE-2023-26522 | 2024-12-09 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.
|
|||||
| CVE-2023-26520 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.
|
|||||
| CVE-2023-25959 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10.
|
|||||
| CVE-2023-25791 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1.
|
|||||
| CVE-2023-25714 | 2024-12-09 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25.
|
|||||
| CVE-2023-25703 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2.
|
|||||
| CVE-2023-25486 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7.
|
|||||
| CVE-2023-25469 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2.
|
|||||
| CVE-2023-25455 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.
|
|||||
| CVE-2023-25454 | 2024-12-09 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.
|
|||||
| CVE-2023-25067 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Noah Hearle, Design Extreme We’re Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We’re Open!: from n/a through 1.45.
|
|||||
| CVE-2023-25060 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbox: from n/a through 1.6.2.
|
|||||
| CVE-2023-25048 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content Protector Free: from n/a through 2.6.
|
|||||
| CVE-2023-25037 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34.
|
|||||
| CVE-2023-25035 | 2024-12-09 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.
|
|||||
| CVE-2023-25026 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce: from n/a through 1.4.2.
|
|||||
| CVE-2023-24375 | 2024-12-09 | N/A | 3.5 LOW | ||
|
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14.
|
|||||
| CVE-2023-23986 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating – Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reviews and Rating – Google My Business: from n/a through 4.14.
|
|||||
| CVE-2023-23975 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4.
|
|||||
| CVE-2023-23893 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0.
|
|||||
| CVE-2023-23887 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0.
|
|||||
| CVE-2023-23886 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7.
|
|||||
| CVE-2023-23868 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6.
|
|||||
| CVE-2023-23823 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8.
|
|||||
| CVE-2023-23814 | 2024-12-09 | N/A | 3.8 LOW | ||
|
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13.
|
|||||
| CVE-2023-23725 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46.
|
|||||
| CVE-2023-23716 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.
|
|||||
| CVE-2023-22708 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7.
|
|||||
| CVE-2024-12253 | 2024-12-07 | N/A | 5.4 MEDIUM | ||
|
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).
|
|||||
| CVE-2024-7894 | 2024-12-07 | N/A | 5.3 MEDIUM | ||
|
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
|
|||||
| CVE-2024-12026 | 2024-12-07 | N/A | 4.3 MEDIUM | ||
|
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.
|
|||||
| CVE-2024-11353 | 2024-12-07 | N/A | 4.3 MEDIUM | ||
|
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages.
|
|||||
| CVE-2024-53826 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13.
|
|||||
| CVE-2024-53813 | 2024-12-06 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0.
|
|||||
| CVE-2024-53810 | 2024-12-06 | N/A | 9.1 CRITICAL | ||
|
Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5.
|
|||||
| CVE-2024-53806 | 2024-12-06 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7.
|
|||||
| CVE-2024-53799 | 2024-12-06 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0.
|
|||||
| CVE-2024-53795 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8.
|
|||||
| CVE-2024-12155 | 2024-12-06 | N/A | 9.8 CRITICAL | ||
|
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative use ...
Show More |
|||||