Total
4440 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1584 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID. | |||||
| CVE-2024-1492 | 1 Wpify | 1 Woo Czech | 2026-06-17 | N/A | 5.3 MEDIUM |
| The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known. | |||||
| CVE-2024-1478 | 1 Helderk | 1 Maintenance Mode | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin. | |||||
| CVE-2024-1476 | 1 Acurax | 1 Under Construction \/ Maintenance Mode | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin. | |||||
| CVE-2024-1475 | 1 Awplife | 1 Coming Soon Maintenance Mode | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin. | |||||
| CVE-2024-1473 | 1 Colorlib | 1 Coming Soon \& Maintenance Mode | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin. | |||||
| CVE-2024-1472 | 1 Restezconnectes | 1 Wp Maintenance | 2026-06-17 | N/A | 5.3 MEDIUM |
| The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API. | |||||
| CVE-2024-1462 | 1 Themegrill | 1 Maintenance Page | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode. | |||||
| CVE-2024-1439 | 1 Moodle | 1 Moodle | 2026-06-17 | N/A | 6.5 MEDIUM |
| Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. | |||||
| CVE-2024-1418 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled. | |||||
| CVE-2024-1376 | 1 Avecnous | 1 Event Post | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update post_meta_data. | |||||
| CVE-2024-1370 | 1 Themegrill | 1 Maintenance Page | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails. | |||||
| CVE-2024-1343 | 1 Laborofficefree | 1 Laborofficefree | 2026-06-17 | N/A | 4.7 MEDIUM |
| A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'. | |||||
| CVE-2024-1308 | 2026-06-17 | N/A | 7.5 HIGH | ||
| The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalink_settings_save' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the affiliate permalink base, driving traffic to malicious sites via the plugin's affiliate links. | |||||
| CVE-2024-1294 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses. | |||||
| CVE-2024-1288 | 1 Magazine3 | 1 Schema \& Structured Data For Wp \& Amp | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality. | |||||
| CVE-2024-1230 | 2026-06-17 | N/A | 4.3 MEDIUM | ||
| The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybe_disconnect_simpleshop function. This makes it possible for unauthenticated attackers to disconnect the site from simpleshop via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-1092 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2026-06-17 | N/A | 4.3 MEDIUM |
| The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | |||||
| CVE-2024-1088 | 1 Rajkakadiya | 1 Password Protected Store For Woocommerce | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content. | |||||
| CVE-2024-1053 | 1 Liquidweb | 1 Event Tickets | 2026-06-17 | N/A | 4.3 MEDIUM |
| The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves. | |||||
