Total
4885 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11354 | 1 Codelizar | 1 Ultimate Youtube Video \& Shorts Player With Vimeo | 2024-11-26 | N/A | 4.3 MEDIUM |
| The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists. | |||||
| CVE-2024-11334 | 1 Nes360 | 1 My Contador Lesr | 2024-11-26 | N/A | 4.3 MEDIUM |
| The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data. | |||||
| CVE-2024-35669 | 1 Bowo | 1 Debug Log Manager | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | |||||
| CVE-2024-35660 | 1 Master-addons | 1 Master Addons | 2024-11-26 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |||||
| CVE-2022-20941 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | |||||
| CVE-2024-31252 | 1 Dfactory | 1 Responsive Lightbox \& Gallery | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6. | |||||
| CVE-2024-31261 | 1 Aakashweb | 1 Announcer | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0. | |||||
| CVE-2024-33565 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-26 | N/A | 9.1 CRITICAL |
| Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | |||||
| CVE-2024-33572 | 1 Posimyth | 1 Nexter Blocks | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5. | |||||
| CVE-2024-34435 | 1 Coderevolution | 1 Aiomatic | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. | |||||
| CVE-2024-10579 | 2024-11-26 | N/A | 4.3 MEDIUM | ||
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms. | |||||
| CVE-2024-10542 | 2024-11-26 | N/A | 9.8 CRITICAL | ||
| The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | |||||
| CVE-2024-9756 | 1 Directsoftware | 1 Order Attachments For Woocommerce | 2024-11-25 | N/A | 4.3 MEDIUM |
| The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types. | |||||
| CVE-2024-9707 | 1 Themehunk | 1 Hunk Companion | 2024-11-25 | N/A | 9.8 CRITICAL |
| The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | |||||
| CVE-2024-8272 | 2024-11-25 | N/A | 7.8 HIGH | ||
| The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root. | |||||
| CVE-2023-6959 | 1 Motopress | 1 Getwid | 2024-11-25 | N/A | 4.3 MEDIUM |
| The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the recaptcha_api_key_manage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete the 'Recaptcha Site Key' and 'Recaptcha Secret Key' settings. | |||||
| CVE-2024-9223 | 2024-11-23 | N/A | 4.3 MEDIUM | ||
| The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5. | |||||
| CVE-2024-10813 | 2024-11-23 | N/A | 5.3 MEDIUM | ||
| The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data. | |||||
| CVE-2024-6698 | 1 Wpmet | 1 Fundengine | 2024-11-23 | N/A | 8.8 HIGH |
| The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta which can be leveraged to update their capabilities to gain administrator access. | |||||
| CVE-2024-0138 | 2024-11-23 | N/A | 9.8 CRITICAL | ||
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | |||||