Total
6931 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22560 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through 3.8.
|
|||||
| CVE-2025-22543 | 2025-01-07 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8.
|
|||||
| CVE-2025-22541 | 2025-01-07 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through 5.5.
|
|||||
| CVE-2025-22534 | 2025-01-07 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through 0.0.39.
|
|||||
| CVE-2025-22512 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through 6.5.1.
|
|||||
| CVE-2024-1649 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.
|
|||||
| CVE-2024-1650 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.
|
|||||
| CVE-2024-1652 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.
|
|||||
| CVE-2024-1653 | 1 Frenify | 1 Categorify | 2025-01-07 | N/A | 4.3 MEDIUM |
|
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.
|
|||||
| CVE-2024-12711 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders.
|
|||||
| CVE-2025-22304 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3.
|
|||||
| CVE-2025-22302 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5.
|
|||||
| CVE-2025-22299 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9.
|
|||||
| CVE-2025-22298 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6.
|
|||||
| CVE-2024-56294 | 2025-01-07 | N/A | 6.4 MEDIUM | ||
|
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7.
|
|||||
| CVE-2024-56271 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16.
|
|||||
| CVE-2024-51651 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.5.
|
|||||
| CVE-2024-12202 | 2025-01-07 | N/A | 8.8 HIGH | ||
|
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attac ...
Show More |
|||||
| CVE-2024-10866 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings.
|
|||||
| CVE-2024-12781 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content.
|
|||||
| CVE-2024-12535 | 2025-01-07 | N/A | 8.6 HIGH | ||
|
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
|
|||||
| CVE-2024-10536 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes.
|
|||||
| CVE-2024-12327 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
|
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.
|
|||||
| CVE-2024-12176 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
|
|||||
| CVE-2024-12158 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin.
|
|||||
| CVE-2024-10527 | 2025-01-07 | N/A | 3.1 LOW | ||
|
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.
|
|||||
| CVE-2024-12559 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
|
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key.
|
|||||
| CVE-2024-56349 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.3 MEDIUM |
|
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
|
|||||
| CVE-2023-48683 | 2025-01-02 | N/A | 7.1 HIGH | ||
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
|
|||||
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
|
|||||
| CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
|
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
|
|||||
| CVE-2022-47601 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2.
|
|||||
| CVE-2022-45811 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5.
|
|||||
| CVE-2023-48758 | 2025-01-02 | N/A | 7.1 HIGH | ||
|
Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4.
|
|||||
| CVE-2023-48739 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
|
Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1.
|
|||||
| CVE-2023-47778 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1.
|
|||||
| CVE-2023-45633 | 2025-01-02 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2.
|
|||||
| CVE-2023-40327 | 2025-01-02 | N/A | 6.5 MEDIUM | ||
|
Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0.
|
|||||
| CVE-2023-32240 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
|
Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.
|
|||||
| CVE-2022-43476 | 2025-01-02 | N/A | 4.3 MEDIUM | ||
|
Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4.
|
|||||