Total
810 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33542 | 2025-02-05 | N/A | 4.3 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5. | |||||
| CVE-2024-12132 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 4.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker. | |||||
| CVE-2024-12131 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 4.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs. | |||||
| CVE-2024-10174 | 1 Wedevs | 1 Wp Project Manager | 2025-02-05 | N/A | 7.3 HIGH |
| The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes. | |||||
| CVE-2024-13372 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 5.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid() and getallresumefiles() functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download users resumes without the appropriate authorization to do so. | |||||
| CVE-2024-13425 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 4.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the enforcedelete() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Employer-level access and above, to delete other users companies. | |||||
| CVE-2024-13428 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 5.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the deleteCompanyLogo() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to delete arbitrary company logos. | |||||
| CVE-2024-13429 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 4.3 MEDIUM |
| The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the 'jobenforcedelete' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with employer-level access and above, to delete arbitrary | |||||
| CVE-2024-43266 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue affects WP Job Portal: from n/a through 2.1.6. | |||||
| CVE-2024-10696 | 1 Codeastrology | 1 Ultraaddons | 2025-02-05 | N/A | 4.3 MEDIUM |
| The UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the contents of draft, private, and pending posts. | |||||
| CVE-2024-9097 | 2025-02-05 | N/A | 3.5 LOW | ||
| ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat. | |||||
| CVE-2024-31291 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6. | |||||
| CVE-2024-30513 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2. | |||||
| CVE-2024-13694 | 1 Moreconvert | 1 Woocommerce Wishlist | 2025-02-04 | N/A | 7.5 HIGH |
| The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to extract data from wishlists that they should not have access to. | |||||
| CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 9.1 CRITICAL |
| Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-32808 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | |||||
| CVE-2024-32772 | 1 Metagauss | 1 Profilegrid | 2025-02-04 | N/A | 4.3 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9. | |||||
| CVE-2024-12046 | 2025-02-04 | N/A | 4.3 MEDIUM | ||
| The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts. | |||||
| CVE-2024-13607 | 2025-02-04 | N/A | 4.3 MEDIUM | ||
| The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user. | |||||
| CVE-2025-22695 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3. | |||||