Total: 6931 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-31421 | 1 Supsystic | 1 Popup | 2025-03-10 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Supsystic Popup by Supsystic. This issue affects Popup by Supsystic: from n/a through 1.10.27. |
| CVE-2023-52214 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2025-03-10 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. |
| CVE-2024-1562 | 1 Gsheetconnector | 1 Woocommerce Google Sheet Connector | 2025-03-07 | N/A | 5.3 MEDIUM | The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings. |
| CVE-2024-5685 | 1 Snipeitapp | 1 Snipe-it | 2025-03-07 | N/A | 7.6 HIGH | Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. |
| CVE-2024-7135 | 1 Tainacan | 1 Tainacan | 2025-03-07 | N/A | 6.5 MEDIUM | The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. |
| CVE-2025-1309 | | | 2025-03-07 | N/A | 8.8 HIGH | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for ... |
| CVE-2024-13655 | | | 2025-03-07 | N/A | 8.1 HIGH | The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on t ... |
| CVE-2025-24618 | 1 Elementinvader | 1 Elementinvader Addons For Elementor | 2025-03-06 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. |
| CVE-2024-56225 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-03-06 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Premium Addons for Elementor: from n/a through 4.10.56. |
| CVE-2025-1361 | 1 Ip2location | 1 Country Blocker | 2025-03-06 | N/A | 7.5 HIGH | The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings. |
| CVE-2021-4445 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM | The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. |
| CVE-2024-13716 | 1 Tarbor | 1 Forex Calculators | 2025-03-06 | N/A | 4.3 MEDIUM | The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_settings_callback() function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. |
| CVE-2022-47478 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-47477 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-47475 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-47474 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-45000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-03-06 | N/A | 8.2 HIGH | Missing Authorization vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 5.7. |
| CVE-2023-47807 | 1 10web | 1 10webanalytics | 2025-03-06 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 10WebAnalytics: from n/a through 1.2.12. |
| CVE-2023-45272 | 1 10web | 1 Map Builder For Google Maps | 2025-03-06 | N/A | 5.4 MEDIUM | Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. |
| CVE-2024-35628 | 1 10web | 1 Photo Gallery | 2025-03-06 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n/a through 1.8.25. |
| CVE-2023-4059 | 1 Cozmoslabs | 1 Profile Builder | 2025-03-06 | N/A | 4.3 MEDIUM | The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog |
| CVE-2022-47479 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2022-47476 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-33995 | 1 10web | 1 Photo Gallery | 2025-03-06 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. |
| CVE-2024-33586 | 1 10web | 1 Photo Gallery | 2025-03-06 | N/A | 5.3 MEDIUM | Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web. This issue affects Photo Gallery by 10Web: from n/a through 1.8.20. |
| CVE-2024-10860 | 1 Xlplugins | 1 Nextmove | 2025-03-06 | N/A | 4.3 MEDIUM | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site. |
| CVE-2024-37517 | 1 Brainstormforce | 1 Spectra | 2025-03-06 | N/A | 4.3 MEDIUM | Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.13.7. |
| CVE-2024-13719 | 1 Pepro | 1 Peprodev Ultimate Invoice | 2025-03-06 | N/A | 5.3 MEDIUM | The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for completed orders which can contain PII of users. |
| CVE-2025-1666 | | | 2025-03-06 | N/A | 4.3 MEDIUM | The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website. |
| CVE-2022-47483 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| CVE-2022-47482 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| CVE-2022-47481 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| CVE-2022-47480 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. |
| CVE-2024-12331 | 1 Ninjateam | 1 Filester | 2025-03-05 | N/A | 4.3 MEDIUM | The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin. |
| CVE-2023-26957 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-03-05 | N/A | 9.1 CRITICAL | onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. |
| CVE-2023-49981 | 1 Oretnom23 | 1 School Fees Management System | 2025-03-05 | N/A | 7.5 HIGH | A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-49980 | 1 Mayurik | 1 Best Student Result Management System | 2025-03-05 | N/A | 7.5 HIGH | A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2023-49979 | 1 Mayurik | 1 Best Student Management System | 2025-03-05 | N/A | 7.5 HIGH | A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. |
| CVE-2024-13686 | 1 Vwthemes | 1 Vw Storefront | 2025-03-05 | N/A | 4.3 MEDIUM | The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the theme's settings. |
| CVE-2022-47471 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |