Total: 6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22694 | | | 2025-02-03 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
|
|||||
| CVE-2025-22686 | | | 2025-02-03 | N/A | 5.3 MEDIUM |
|
Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17.
|
|||||
| CVE-2025-22681 | | | 2025-02-03 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
|
|||||
| CVE-2025-22677 | | | 2025-02-03 | N/A | 4.8 MEDIUM |
|
Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.
|
|||||
| CVE-2025-22260 | | | 2025-02-03 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.
|
|||||
| CVE-2023-23715 | 1 Ultimatemember | 1 Jobboardwp | 2025-02-03 | N/A | 5.2 MEDIUM |
|
Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2.
|
|||||
| CVE-2024-53816 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-02-03 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5.
|
|||||
| CVE-2024-57726 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | N/A | 9.9 CRITICAL |
|
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
|
|||||
| CVE-2018-9406 | 1 Google | 1 Android | 2025-01-31 | N/A | 5.5 MEDIUM |
|
In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-11583 | 1 Visualmodo | 1 Borderless | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded.
|
|||||
| CVE-2024-12269 | 1 Wpmessiah | 1 Safe Ai Malware Protection For Wp | 2025-01-31 | N/A | 7.5 HIGH |
|
The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database.
|
|||||
| CVE-2024-30487 | 1 Sonaar | 1 Mp3 Audio Player For Music, Radio & Podcast | 2025-01-31 | N/A | 7.6 HIGH |
|
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1.
|
|||||
| CVE-2024-24718 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-31 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6.
|
|||||
| CVE-2024-13652 | 1 Ecpay | 1 Ecpay Ecommerce For Woocommerce | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files.
|
|||||
| CVE-2023-45765 | 1 Wedevs | 1 Wp Erp | 2025-01-31 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6.
|
|||||
| CVE-2024-0593 | 1 Presstigers | 1 Simple Job Board | 2025-01-31 | N/A | 5.3 MEDIUM |
|
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.
|
|||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.7 LOW |
|
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
|
|||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.1 LOW |
|
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
|
|||||
| CVE-2022-45351 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
|
|||||
| CVE-2022-45352 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
|
|||||
| CVE-2022-45356 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
|
|||||
| CVE-2023-39998 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 8.2 HIGH |
|
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 27.1.1.
|
|||||
| CVE-2022-45349 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.
|
|||||
| CVE-2024-1380 | 1 Relevanssi | 1 Relevanssi | 2025-01-31 | N/A | 5.3 MEDIUM |
|
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
|
|||||
| CVE-2025-22720 | | | 2025-01-31 | N/A | 5.8 MEDIUM |
|
Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1.
|
|||||
| CVE-2025-22265 | | | 2025-01-31 | N/A | 6.5 MEDIUM |
|
Missing Authorization vulnerability in mgplugin EMI Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through 1.1.
|
|||||
| CVE-2024-13530 | | | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete login log ...
|
|||||
| CVE-2024-13717 | | | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_ajax_toggle_ae and vcita_ajax_toggle_contact functions in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable and disable widgets.
|
|||||
| CVE-2024-13424 | | | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and modify commission amounts.
|
|||||
| CVE-2024-13415 | | | 2025-01-31 | N/A | 4.3 MEDIUM |
|
The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.
|
|||||
| CVE-2024-13767 | | | 2025-01-31 | N/A | 8.1 HIGH |
|
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
|
|||||
| CVE-2024-1991 | 1 Metagauss | 1 Registrationmagic | 2025-01-31 | N/A | 8.8 HIGH |
|
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator.
|
|||||
| CVE-2025-24461 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
|
|||||
| CVE-2024-13715 | 1 Ikjweb | 1 Zstore Manager Basic | 2025-01-30 | N/A | 4.3 MEDIUM |
|
The zStore Manager Basic plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the zstore_clear_cache() function in all versions up to, and including, 3.311. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's cache.
|
|||||
| CVE-2024-37204 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-29 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PropertyHive: from n/a through 2.0.9.
|
|||||
| CVE-2023-27963 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-01-29 | N/A | 7.5 HIGH |
|
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.
|
|||||
| CVE-2024-9161 | 1 Rankmath | 1 Seo | 2025-01-29 | N/A | 6.5 MEDIUM |
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to th ...
|
|||||
| CVE-2024-10294 | 1 Ce21 | 1 Ce21 Suite | 2025-01-29 | N/A | 6.5 MEDIUM |
|
The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.
|
|||||
| CVE-2024-32714 | 1 Kodezen | 1 Academy Lms | 2025-01-29 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.16.
|
|||||
| CVE-2024-9587 | 1 Linkz.ai | 1 Linkz.ai | 2025-01-29 | N/A | 5.4 MEDIUM |
|
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.
|
|||||