Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11929 | 2025-01-09 | N/A | 6.4 MEDIUM | ||
|
The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
|
|||||
| CVE-2024-43662 | 2025-01-09 | N/A | N/A | ||
|
The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user.
This issue affects Iocharger firmware for AC models before version 24120701.
Likelihood: Moderate – An attacker will need to have knowledge of this CGI binary, e.g. by finding it in firmware. Furthermore, the attacker will need a (low privilege) account to gain access to the < ...
Show More |
|||||
| CVE-2024-6824 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-08 | N/A | 4.3 MEDIUM |
|
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles.
|
|||||
| CVE-2024-0516 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | N/A | 5.3 MEDIUM |
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.
|
|||||
| CVE-2024-0766 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-01-08 | N/A | 4.3 MEDIUM |
|
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.
|
|||||
| CVE-2024-0385 | 1 Frenify | 1 Categorify | 2025-01-08 | N/A | 4.3 MEDIUM |
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.
|
|||||
| CVE-2024-1095 | 1 Themeperch | 1 Build \& Control Block Pattern | 2025-01-08 | N/A | 5.3 MEDIUM |
|
The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.
|
|||||
| CVE-2024-1178 | 1 Themeboy | 1 Sportspress | 2025-01-08 | N/A | 5.3 MEDIUM |
|
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs
|
|||||
| CVE-2024-24833 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.
|
|||||
| CVE-2024-1285 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2025-01-08 | N/A | 6.5 MEDIUM |
|
The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.
|
|||||
| CVE-2024-50417 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | N/A | 4.3 MEDIUM |
|
Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3.
|
|||||
| CVE-2023-33477 | 1 Harmonicinc | 2 Nsg 9000-6g, Nsg 9000-6g Firmware | 2025-01-08 | N/A | 6.5 MEDIUM |
|
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
|
|||||
| CVE-2023-30863 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
|
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48447 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48446 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48392 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
|
In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2022-48391 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2023-30915 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2023-30914 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2023-30866 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2023-30865 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
|
|||||
| CVE-2023-30864 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
|
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2024-11423 | 2025-01-08 | N/A | 7.5 HIGH | ||
|
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers ...
Show More |
|||||
| CVE-2024-12712 | 2025-01-08 | N/A | 5.3 MEDIUM | ||
|
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.
|
|||||
| CVE-2024-8001 | 1 Viwis | 1 Learning Management System | 2025-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2022-48445 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48443 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48442 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48441 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48440 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 5.5 MEDIUM |
|
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
|
|||||
| CVE-2022-48390 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-07 | N/A | 7.8 HIGH |
|
In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
|
|||||
| CVE-2024-1387 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-07 | N/A | 4.3 MEDIUM |
|
The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicate_thing() function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above, to clone arbitrary posts (including private and password protected ones) which may lead to information exposure.
|
|||||
| CVE-2025-22363 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1.
|
|||||
| CVE-2025-22319 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.
|
|||||
| CVE-2024-56272 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1.
|
|||||
| CVE-2024-56270 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16.
|
|||||
| CVE-2025-22592 | 2025-01-07 | N/A | 7.5 HIGH | ||
|
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87.
|
|||||
| CVE-2025-22591 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through 1.87.
|
|||||