Total
5240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22696 | 2025-02-04 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0. | |||||
| CVE-2024-13529 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system. | |||||
| CVE-2024-25935 | 1 Metagauss | 1 Registrationmagic | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |||||
| CVE-2024-33595 | 1 Master-addons | 1 Master Addons | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |||||
| CVE-2024-11134 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data. | |||||
| CVE-2024-11133 | 2025-02-03 | N/A | 5.3 MEDIUM | ||
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets. | |||||
| CVE-2024-33912 | 1 Kodezen | 1 Academy Lms | 2025-02-03 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | |||||
| CVE-2023-33321 | 1 Metagauss | 1 Eventprime | 2025-02-03 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6. | |||||
| CVE-2025-24697 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5. | |||||
| CVE-2025-24643 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | |||||
| CVE-2025-24642 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | |||||
| CVE-2025-23527 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0. | |||||
| CVE-2025-22694 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. | |||||
| CVE-2025-22686 | 2025-02-03 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. | |||||
| CVE-2025-22681 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | |||||
| CVE-2025-22677 | 2025-02-03 | N/A | 4.8 MEDIUM | ||
| Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. | |||||
| CVE-2025-22260 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. | |||||
| CVE-2023-23715 | 1 Ultimatemember | 1 Jobboardwp | 2025-02-03 | N/A | 5.2 MEDIUM |
| Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2. | |||||
| CVE-2024-53816 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. | |||||
| CVE-2024-57726 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | N/A | 9.9 CRITICAL |
| SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | |||||