Vulnerabilities (CVE)

Filtered by CWE-284
Total 4438 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-0766 1 Envothemes 1 Envo\'s Elementor Templates \& Widgets For Woocommerce 2026-06-17 N/A 4.3 MEDIUM
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.
CVE-2024-0712 1 Byzoro 2 Smart S150, Smart S150 Firmware 2026-06-17 7.5 HIGH 7.3 HIGH
A vulnerability was found in Byzoro Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0687 1 Dev.institute 1 Restrict User Access 2026-06-17 N/A 5.3 MEDIUM
The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API.
CVE-2024-0642 1 Cires21 1 Live Encoder 2026-06-17 N/A 9.8 CRITICAL
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.
CVE-2024-0631 1 Duitku 1 Duitku Payment Gateway 2026-06-17 N/A 5.3 MEDIUM
The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.6. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.
CVE-2024-0626 2026-06-17 N/A 5.3 MEDIUM
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.
CVE-2024-0551 1 Mintplexlabs 1 Anythingllm 2026-06-17 N/A 7.1 HIGH
Enable exports of the database and associated exported information of the system via the default user role. The attacked would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system. The endpoint for exporting should simply be patched to a higher privilege level.
CVE-2024-0453 1 Quantumcloud 1 Wpbot 2026-06-17 N/A 5.0 MEDIUM
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_delete_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete files from a linked OpenAI account.
CVE-2024-0452 1 Quantumcloud 1 Wpbot 2026-06-17 N/A 5.0 MEDIUM
The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files to a linked OpenAI account.
CVE-2024-0451 1 Quantumcloud 1 Wpbot 2026-06-17 N/A 5.0 MEDIUM
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to list files existing in a linked OpenAI account.
CVE-2024-0437 2026-06-17 N/A 4.3 MEDIUM
The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscriber access or higher, to extract post titles and content, thus bypassing the plugin's password protection.
CVE-2024-0434 2026-06-17 N/A 5.3 MEDIUM
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to create and publish new place posts. This function is also vulnerable to CSRF.
CVE-2024-0415 1 Csdeshang 1 Dsmall 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.
CVE-2024-0414 1 Csdeshang 1 Dscms 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability.
CVE-2024-0413 1 Csdeshang 1 Dskms 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.
CVE-2024-0412 1 Csdeshang 1 Dsshop 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.
CVE-2024-0411 1 Csdeshang 1 Dsmall 2026-06-17 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431.
CVE-2024-0377 1 Lifterlms 1 Lifterlms 2026-06-17 N/A 5.3 MEDIUM
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.
CVE-2024-0374 1 Formviewswp 1 Views For Wpforms 2026-06-17 N/A 4.3 MEDIUM
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-0373 1 Formviewswp 1 Views For Wpforms 2026-06-17 N/A 4.3 MEDIUM
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.