Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24734 | 2025-01-27 | N/A | 8.8 HIGH | ||
|
Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.
|
|||||
| CVE-2025-24653 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.
|
|||||
| CVE-2025-24606 | 2025-01-27 | N/A | 6.4 MEDIUM | ||
|
Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1.
|
|||||
| CVE-2025-24603 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.
|
|||||
| CVE-2025-24600 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5.
|
|||||
| CVE-2025-24590 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0.
|
|||||
| CVE-2025-23982 | 2025-01-27 | N/A | 7.1 HIGH | ||
|
Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.
|
|||||
| CVE-2025-23849 | 2025-01-27 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18.
|
|||||
| CVE-2025-23656 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0.
|
|||||
| CVE-2025-23529 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.
|
|||||
| CVE-2025-24754 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.
|
|||||
| CVE-2025-24584 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.
|
|||||
| CVE-2024-10574 | 2025-01-26 | N/A | 7.2 HIGH | ||
|
The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' ...
Show More |
|||||
| CVE-2024-12826 | 2025-01-25 | N/A | 4.3 MEDIUM | ||
|
The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.
|
|||||
| CVE-2024-13447 | 1 Thimpress | 1 Wp Hotel Booking | 2025-01-24 | N/A | 4.3 MEDIUM |
|
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails.
|
|||||
| CVE-2024-13361 | 1 Aipower | 1 Aipower | 2025-01-24 | N/A | 6.3 MEDIUM |
|
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.
|
|||||
| CVE-2025-24751 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in GoDaddy CoBlocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CoBlocks: from n/a through 3.1.13.
|
|||||
| CVE-2025-24750 | 2025-01-24 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in ExactMetrics ExactMetrics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ExactMetrics: from n/a through 8.1.0.
|
|||||
| CVE-2025-24725 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.
|
|||||
| CVE-2025-24705 | 2025-01-24 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Arshid WooCommerce Quick View allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Quick View: from n/a through 1.1.1.
|
|||||
| CVE-2025-24693 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.
|
|||||
| CVE-2025-24691 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10.
|
|||||
| CVE-2025-24682 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9.
|
|||||
| CVE-2025-24679 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2.
|
|||||
| CVE-2025-24652 | 2025-01-24 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.
|
|||||
| CVE-2025-24649 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.
|
|||||
| CVE-2025-24625 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1.
|
|||||
| CVE-2025-24613 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.
|
|||||
| CVE-2025-24604 | 2025-01-24 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5.
|
|||||
| CVE-2025-24594 | 2025-01-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7.
|
|||||
| CVE-2025-24589 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0.
|
|||||
| CVE-2025-24588 | 2025-01-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
|
|||||
| CVE-2025-24580 | 2025-01-24 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
|
|||||
| CVE-2025-24571 | 2025-01-24 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258.
|
|||||
| CVE-2024-12879 | 1 Quantumcloud | 1 Wpot | 2025-01-24 | N/A | 4.3 MEDIUM |
|
The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries.
|
|||||
| CVE-2024-4223 | 1 Themeum | 1 Tutor Lms | 2025-01-24 | N/A | 9.8 CRITICAL |
|
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data.
|
|||||
| CVE-2025-23991 | 2025-01-24 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5.
|
|||||
| CVE-2023-39990 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-24 | N/A | 5.4 MEDIUM |
|
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.
|
|||||
| CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2025-01-24 | N/A | 3.3 LOW |
|
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).
|
|||||
| CVE-2024-9630 | 1 10web | 1 Wps Telegram Chat | 2025-01-24 | N/A | 5.4 MEDIUM |
|
The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API.
|
|||||