Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56271 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16. | |||||
| CVE-2024-51651 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in CubeWP CubeWP Forms – All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms – All-in-One Form Builder: from n/a through 1.1.5. | |||||
| CVE-2024-12202 | 2025-01-07 | N/A | 8.8 HIGH | ||
| The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-10866 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
| The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings. | |||||
| CVE-2024-12781 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
| The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content. | |||||
| CVE-2024-12535 | 2025-01-07 | N/A | 8.6 HIGH | ||
| The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. | |||||
| CVE-2024-10536 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
| The FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. | |||||
| CVE-2024-12327 | 2025-01-07 | N/A | 4.3 MEDIUM | ||
| The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | |||||
| CVE-2024-12176 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
| The WordLift – AI powered SEO – Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | |||||
| CVE-2024-12158 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
| The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin. | |||||
| CVE-2024-10527 | 2025-01-07 | N/A | 3.1 LOW | ||
| The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | |||||
| CVE-2024-12559 | 2025-01-07 | N/A | 5.3 MEDIUM | ||
| The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key. | |||||
| CVE-2024-56349 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | |||||
| CVE-2023-48683 | 2025-01-02 | N/A | 7.1 HIGH | ||
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||||
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||||
| CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||||
| CVE-2022-47601 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2. | |||||
| CVE-2022-45811 | 2025-01-02 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5. | |||||
| CVE-2023-48758 | 2025-01-02 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4. | |||||
| CVE-2023-48739 | 2025-01-02 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | |||||