Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-52382 | | | 2024-11-15 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through 1.0.0.
|
|||||
| CVE-2024-52383 | | | 2024-11-15 | N/A | 7.5 HIGH |
|
Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2.
|
|||||
| CVE-2024-10629 | | | 2024-11-13 | N/A | 8.8 HIGH |
|
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
|
|||||
| CVE-2024-10852 | | | 2024-11-13 | N/A | 4.3 MEDIUM |
|
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings.
|
|||||
| CVE-2024-43919 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2024-11-13 | N/A | 9.8 CRITICAL |
|
Access Control vulnerability in YARPP YARPP allows .
This issue affects YARPP: from n/a through 5.30.10.
|
|||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | N/A | 8.1 HIGH |
|
Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3.
|
|||||
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3.
|
|||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Engine: from n/a through 6.4.0.
|
|||||
| CVE-2024-43341 | 1 Cozythemes | 1 Hello Agency | 2024-11-13 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5.
|
|||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Order Tracking: from n/a through 3.3.12.
|
|||||
| CVE-2024-43355 | 1 Beardev | 1 Joomsport | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JoomSport: from n/a through 5.3.0.
|
|||||
| CVE-2024-43923 | 1 Arraytics | 1 Wp Timetics | 2024-11-13 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Timetics: from n/a through 1.0.23.
|
|||||
| CVE-2024-43925 | 1 Enviragallery | 1 Envira Gallery | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.14.
|
|||||
| CVE-2024-43932 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2.
|
|||||
| CVE-2024-48039 | 1 Cubewp | 1 Cubewp | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15.
|
|||||
| CVE-2024-48044 | 1 Shortpixel | 1 Image Optimizer | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.
|
|||||
| CVE-2024-48045 | 1 Leevio | 1 Happy Addons For Elementor | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Happy Addons for Elementor: from n/a through 3.12.3.
|
|||||
| CVE-2024-43293 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.
|
|||||
| CVE-2024-43296 | 1 Bplugins | 1 Html5 Video Player | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Flash & HTML5 Video: from n/a through 2.5.30.
|
|||||
| CVE-2024-43297 | 1 Backupbliss | 1 Clone | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5.
|
|||||
| CVE-2024-43298 | 1 Backupbliss | 1 Clone | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clone: from n/a through 2.4.5.
|
|||||
| CVE-2024-43302 | 1 Fontsplugin | 1 Fonts | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fonts: from n/a through 3.7.7.
|
|||||
| CVE-2024-43310 | 1 Ukrsolution | 1 Print Labels With Barcodes | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.
|
|||||
| CVE-2024-43312 | 1 Wpclever | 1 Wpc Frequently Bought Together For Woocommerce | 2024-11-13 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.
|
|||||
| CVE-2024-43929 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JobSearch: from n/a through 2.5.4.
|
|||||
| CVE-2024-43928 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 2.5.4.
|
|||||
| CVE-2024-47302 | 1 Wpmanageninja | 1 Fluent Support | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through 1.8.0.
|
|||||
| CVE-2024-47308 | 1 Templately | 1 Templately | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Templately: from n/a through 3.1.2.
|
|||||
| CVE-2024-47311 | 1 Kraftplugins | 1 Wheel Of Life | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wheel of Life: from n/a through 1.1.8.
|
|||||
| CVE-2024-47314 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-12 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.8.
|
|||||
| CVE-2024-47317 | 1 Wpquads | 1 Ads | 2024-11-12 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.
|
|||||
| CVE-2024-47318 | 1 Magazine3 | 1 Pwa For Wp \& Amp | 2024-11-12 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PWA for WP & AMP: from n/a through 1.7.72.
|
|||||
| CVE-2024-47321 | 1 Androidbubbles | 1 Wp Datepicker | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Datepicker: from n/a through 2.1.1.
|
|||||
| CVE-2024-47358 | 1 Code-atlantic | 1 Popup Maker | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Popup Maker: from n/a through 1.19.2.
|
|||||
| CVE-2024-47359 | 1 Depicter | 1 Depicter | 2024-11-12 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Depicter Slider: from n/a through 3.2.2.
|
|||||
| CVE-2024-47361 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-12 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Addon Elements: from n/a through 1.13.6.
|
|||||
| CVE-2024-10586 | | | 2024-11-12 | N/A | 9.8 CRITICAL |
|
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to create arbitrary files such as .php files that can be leveraged for remote code execution.
|
|||||
| CVE-2024-10588 | | | 2024-11-12 | N/A | 4.3 MEDIUM |
|
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well.
|
|||||
| CVE-2024-10674 | | | 2024-11-12 | N/A | 8.8 HIGH |
|
The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.
|
|||||