Vulnerabilities (CVE)

Filtered by CWE-862
Total 4980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-32277 2025-04-07 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RepairBuddy: from n/a through 3.8211.
CVE-2025-3257 2025-04-07 5.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic has been found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2933 2025-04-07 N/A 8.8 HIGH
The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awun_import_settings() function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2025-1233 2025-04-07 N/A 4.3 MEDIUM
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site.
CVE-2024-1587 1 Blazethemes 1 Newsmatic 2025-04-07 N/A 5.3 MEDIUM
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content.
CVE-2025-24249 1 Apple 1 Macos 2025-04-07 N/A 9.8 CRITICAL
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system.
CVE-2025-24259 1 Apple 1 Macos 2025-04-07 N/A 9.8 CRITICAL
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.
CVE-2025-24245 1 Apple 1 Macos 2025-04-04 N/A 9.8 CRITICAL
This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords.
CVE-2024-0893 1 Schemaapp 1 Schema App Structured Data 2025-04-04 N/A 4.3 MEDIUM
The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the MarkupUpdate function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update or delete post metadata.
CVE-2020-22007 1 Okerthai 2 G955v1, G955v1 Firmware 2025-04-04 N/A 6.8 MEDIUM
OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges.
CVE-2025-31182 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-04-04 N/A 9.8 CRITICAL
This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.
CVE-2025-31194 1 Apple 1 Macos 2025-04-04 N/A 9.8 CRITICAL
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication.
CVE-2025-30461 1 Apple 1 Macos 2025-04-04 N/A 9.8 CRITICAL
An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
CVE-2024-1376 1 Avecnous 1 Event Post 2025-04-04 N/A 4.3 MEDIUM
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data.
CVE-2024-38748 1 Theinnovs 1 Eleforms 2025-04-04 N/A 5.3 MEDIUM
Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.
CVE-2024-43142 1 Themeum 1 Tutor Lms 2025-04-04 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
CVE-2024-43136 1 Sunshinephotocart 1 Sunshine Photo Cart 2025-04-04 N/A 4.3 MEDIUM
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
CVE-2022-44626 1 Squirrly 1 Seo Plugin By Squirrly Seo 2025-04-04 N/A 6.3 MEDIUM
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.
CVE-2024-4858 1 Uapp 1 Testimonial Carousel For Elementor 2025-04-04 N/A 5.3 MEDIUM
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.
CVE-2025-24654 1 Squirrly 1 Seo Plugin By Squirrly Seo 2025-04-04 N/A 7.1 HIGH
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.