Total
4874 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10853 | 1 Zixn | 1 Buy One Click Woocommerce | 2025-01-17 | N/A | 4.3 MEDIUM |
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders. | |||||
| CVE-2024-10854 | 1 Zixn | 1 Buy One Click Woocommerce | 2025-01-17 | N/A | 4.3 MEDIUM |
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings. | |||||
| CVE-2024-31343 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2025-01-17 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | |||||
| CVE-2024-1904 | 1 Stylemixthemes | 1 Masterstudy Lms | 2025-01-17 | N/A | 4.3 MEDIUM |
| The MasterStudy LMS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the search_posts function in all versions up to, and including, 3.2.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose draft post titles and excerpts. | |||||
| CVE-2023-31826 | 1 Skyscreamer | 1 Nevado Jms | 2025-01-17 | N/A | 7.8 HIGH |
| Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | |||||
| CVE-2023-27304 | 1 Cybozu | 1 Garoon | 2025-01-17 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | |||||
| CVE-2024-1352 | 1 Radiustheme | 1 Classified Listing | 2025-01-17 | N/A | 6.5 MEDIUM |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | |||||
| CVE-2024-13367 | 2025-01-17 | N/A | 6.5 MEDIUM | ||
| The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file. | |||||
| CVE-2024-12365 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | N/A | 8.5 HIGH |
| The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. | |||||
| CVE-2024-12006 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | N/A | 5.3 MEDIUM |
| The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions. | |||||
| CVE-2025-23963 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through 2.2.3. | |||||
| CVE-2025-23962 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1. | |||||
| CVE-2025-23961 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | |||||
| CVE-2025-23957 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3. | |||||
| CVE-2025-23955 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. | |||||
| CVE-2025-23954 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11. | |||||
| CVE-2025-23930 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. | |||||
| CVE-2025-23929 | 2025-01-16 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | |||||
| CVE-2025-23917 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | |||||
| CVE-2025-23916 | 2025-01-16 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. | |||||