Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-862
Angry Yack Logo
Total 6931 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37232 2024-11-01 N/A 8.8 HIGH
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.
CVE-2024-37269 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Masterstudy Elementor Widgets: from n/a through 1.2.2.
CVE-2024-37516 2024-11-01 N/A 6.3 MEDIUM
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.
CVE-2024-38794 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in MediaRon LLC Custom Query Blocks allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Custom Query Blocks: from n/a through 5.2.0.
CVE-2024-37477 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5.
CVE-2024-39640 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
CVE-2024-37475 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2.
CVE-2024-43209 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.
CVE-2024-37411 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Team Emilia Projects Progress Planner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Progress Planner: from n/a through 0.9.1.
CVE-2024-37425 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
CVE-2024-37201 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in javmah Woocommerce Customers Order History allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woocommerce Customers Order History: from n/a through 5.2.2.
CVE-2024-37427 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
CVE-2024-37510 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
CVE-2024-37481 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The Post Grid: from n/a through 7.7.4.
CVE-2024-37249 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.
CVE-2024-43285 2024-11-01 N/A 6.3 MEDIUM
Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.
CVE-2024-43215 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.
CVE-2024-39625 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.
CVE-2024-37439 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0
CVE-2024-43235 2024-11-01 N/A 7.1 HIGH
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10.
CVE-2024-43119 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Aruba.It Aruba HiSpeed Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cache: from n/a through 2.0.12.
CVE-2024-37254 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.
CVE-2024-38719 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.1.2.
CVE-2024-43154 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in BracketSpace Advanced Cron Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.9.
CVE-2024-43273 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.
CVE-2024-43134 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6.
CVE-2024-43260 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.
CVE-2024-37226 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.
CVE-2024-38745 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12.
CVE-2024-43120 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7.
CVE-2024-37276 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
CVE-2024-38733 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.
CVE-2024-39664 2024-11-01 N/A 7.3 HIGH
Missing Authorization vulnerability in YMC Filter & Grids allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Filter & Grids: from n/a through 2.8.33.
CVE-2024-38740 2024-11-01 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.
CVE-2024-43157 2024-11-01 N/A 4.3 MEDIUM
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.10.
CVE-2024-37220 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
CVE-2024-37921 2024-11-01 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
CVE-2024-38777 2024-11-01 N/A 6.5 MEDIUM
Missing Authorization vulnerability in CreativeMotion Titan Anti-spam & Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Titan Anti-spam & Security: from n/a through 7.3.6.
CVE-2024-37929 2024-11-01 N/A 6.3 MEDIUM
Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.
CVE-2024-9361 1 Giuliopanda 1 Bulk Images Optimizer 2024-11-01 N/A 4.3 MEDIUM
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.