Total
4874 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39990 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-24 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3. | |||||
| CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2025-01-24 | N/A | 3.3 LOW |
| In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). | |||||
| CVE-2024-9630 | 1 10web | 1 Wps Telegram Chat | 2025-01-24 | N/A | 5.4 MEDIUM |
| The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API. | |||||
| CVE-2024-0377 | 1 Lifterlms | 1 Lifterlms | 2025-01-23 | N/A | 5.3 MEDIUM |
| The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site. | |||||
| CVE-2024-11069 | 1 Welaunch | 1 Wordpress Gdpr | 2025-01-23 | N/A | 6.5 MEDIUM |
| The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users. | |||||
| CVE-2024-10393 | 1 Themeum | 1 Tutor Lms | 2025-01-23 | N/A | 5.3 MEDIUM |
| The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |||||
| CVE-2023-37869 | 1 Leap13 | 1 Premium Addons | 2025-01-23 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Premium Addons Premium Addons PRO.This issue affects Premium Addons PRO: from n/a through 2.9.0. | |||||
| CVE-2025-24403 | 2025-01-23 | N/A | 4.3 MEDIUM | ||
| A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. | |||||
| CVE-2024-37094 | 1 Stylemixthemes | 1 Masterstudy Lms | 2025-01-22 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12. | |||||
| CVE-2024-4352 | 1 Themeum | 1 Tutor Lms | 2025-01-22 | N/A | 8.8 HIGH |
| The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-4351 | 1 Themeum | 1 Tutor Lms | 2025-01-22 | N/A | 8.8 HIGH |
| The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account. | |||||
| CVE-2024-4222 | 1 Themeum | 1 Tutor Lms | 2025-01-22 | N/A | 7.3 HIGH |
| The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | |||||
| CVE-2023-51359 | 1 Wpdeveloper | 1 Essential Blocks | 2025-01-22 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | |||||
| CVE-2023-47822 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2025-01-22 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10. | |||||
| CVE-2023-47760 | 1 Wpdeveloper | 1 Essential Blocks | 2025-01-22 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | |||||
| CVE-2024-56266 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2025-01-22 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8. | |||||
| CVE-2023-6965 | 1 Podsfoundation | 1 Pods | 2025-01-22 | N/A | 4.3 MEDIUM |
| The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role). | |||||
| CVE-2023-51360 | 1 Wpdeveloper | 1 Essential Blocks | 2025-01-22 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | |||||
| CVE-2024-12033 | 1 Artbees | 1 Jupiter X Core | 2025-01-22 | N/A | 4.3 MEDIUM |
| The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries | |||||
| CVE-2024-12316 | 1 Artbees | 1 Jupiter X Core | 2025-01-22 | N/A | 5.3 MEDIUM |
| The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates. | |||||