Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10589 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
|
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable us ...
Show More |
|||||
| CVE-2024-10673 | 2024-11-12 | N/A | 8.8 HIGH | ||
|
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.
|
|||||
| CVE-2024-42372 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
|
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
|
|||||
| CVE-2024-47587 | 2024-11-12 | N/A | 3.5 LOW | ||
|
Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.
|
|||||
| CVE-2024-44021 | 1 Truepush | 1 Truepush | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8.
|
|||||
| CVE-2024-44031 | 1 Beardev | 1 Joomsport | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3.
|
|||||
| CVE-2024-44038 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9.
|
|||||
| CVE-2024-44052 | 1 Helloasso | 1 Helloasso | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.
|
|||||
| CVE-2024-10535 | 1 Martinvalchev | 1 Video Gallery For Woocommerce | 2024-11-08 | N/A | 5.3 MEDIUM |
|
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.
|
|||||
| CVE-2024-10543 | 1 Tumult | 1 Tumult Hype Animations | 2024-11-08 | N/A | 4.3 MEDIUM |
|
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.
|
|||||
| CVE-2024-6626 | 1 Theinnovs | 1 Eleforms | 2024-11-08 | N/A | 5.3 MEDIUM |
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.
|
|||||
| CVE-2024-43998 | 1 Websiteinwp | 1 Blogpoet | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
|
|||||
| CVE-2024-43982 | 1 Geekcodelab | 1 Login As Users | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3.
|
|||||
| CVE-2024-43981 | 1 Ayecode | 1 Geodirectory | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.
|
|||||
| CVE-2024-44006 | 1 Onthegosystems | 1 Woocommerce Multilingual \& Multicurrency | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.
|
|||||
| CVE-2024-44019 | 1 Renzojohnson | 1 Contact Form 7 Campaign Monitor Extension | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67.
|
|||||
| CVE-2024-44020 | 1 Prasadkirpekar | 1 Wp Free Ssl | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows .
This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6.
|
|||||
| CVE-2024-43980 | 1 Cozythemes | 1 Fotawp | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1.
|
|||||
| CVE-2024-43979 | 1 Cozythemes | 1 Blockbooster | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.
|
|||||
| CVE-2024-43974 | 1 Cozythemes | 1 Revivenews | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.
|
|||||
| CVE-2024-43973 | 1 Ayecode | 1 Getpaid | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11.
|
|||||
| CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.
|
|||||
| CVE-2024-43956 | 1 Caseproof | 1 Memberpress | 2024-11-08 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34.
|
|||||
| CVE-2024-43937 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-08 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
|
|||||
| CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2024-11-08 | N/A | 8.6 HIGH |
|
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
|
|||||
| CVE-2024-7429 | 1 Katieseaborn | 1 Zotpress | 2024-11-08 | N/A | 4.3 MEDIUM |
|
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.
|
|||||
| CVE-2024-50456 | 1 Seopress | 1 Seopress | 2024-11-07 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
|
|||||
| CVE-2024-50455 | 1 Seopress | 1 Seopress | 2024-11-07 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
|
|||||
| CVE-2024-49367 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | N/A | 7.5 HIGH |
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue.
|
|||||
| CVE-2024-44082 | 2024-11-07 | N/A | 4.3 MEDIUM | ||
|
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1.
|
|||||
| CVE-2024-50459 | 1 Hmplugin | 1 Aidwp | 2024-11-06 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3.
|
|||||
| CVE-2024-21250 | 1 Oracle | 1 Process Manufacturing Product Development | 2024-11-06 | N/A | 8.1 HIGH |
|
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all ...
Show More |
|||||
| CVE-2024-9109 | 1 Octolize | 1 Woocommerce Ups Shipping | 2024-11-06 | N/A | 4.3 MEDIUM |
|
The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key.
|
|||||
| CVE-2024-43924 | 1 Dfactory | 1 Responsive Lightbox | 2024-11-06 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
|
|||||
| CVE-2024-9686 | 1 Choplugins | 1 Order Notification For Telegram | 2024-11-06 | N/A | 5.3 MEDIUM |
|
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings.
|
|||||
| CVE-2024-43219 | 2024-11-05 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
|
|||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-05 | N/A | 8.8 HIGH |
|
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.
|
|||||
| CVE-2024-9584 | 1 Webcraftplugins | 1 Image Map Pro | 2024-11-05 | N/A | 5.4 MEDIUM |
|
The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.
|
|||||
| CVE-2024-10598 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-04 | 5.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-37483 | 2024-11-01 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.
|
|||||