Total: 5664 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45636 | 1 Megafeis | 1 Bofei Dbd+ | 2025-02-26 | N/A | 8.1 HIGH |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | |||||
| CVE-2025-1249 | | | 2025-02-26 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Events Manager: from n/a through 6.6.4.1. | |||||
| CVE-2024-27900 | 1 Sap | 1 Abap Platform | 2025-02-26 | N/A | 4.3 MEDIUM |
| Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. | |||||
| CVE-2024-9628 | 1 10web | 1 Wps Telegram Chat | 2025-02-26 | N/A | 6.3 MEDIUM |
| The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. | |||||
| CVE-2025-1091 | | | 2025-02-26 | N/A | 4.3 MEDIUM |
| A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known. | |||||
| CVE-2024-9697 | 1 Wpsocialrocket | 1 Social Rocket | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | |||||
| CVE-2024-56273 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-25 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | |||||
| CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1. | |||||
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through 2.33.1. | |||||
| CVE-2024-12071 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | |||||
| CVE-2024-13364 | 1 Raptive | 1 Raptive Ads | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files. | |||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 6.5 MEDIUM |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2024-13520 | 1 Codemenschen | 1 Gift Vouchers | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data/loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | |||||
| CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2025-02-25 | N/A | 5.3 MEDIUM |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items. | |||||
| CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | |||||
| CVE-2025-1483 | 1 Wwexgroup | 1 Ltl Freight Quotes | 2025-02-25 | N/A | 5.3 MEDIUM |
| The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings. | |||||
| CVE-2023-20955 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-258653813 | |||||
| CVE-2025-22787 | 1 Bplugins | 1 Button Block | 2025-02-25 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through 1.1.5. | |||||
| CVE-2025-27000 | | | 2025-02-25 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0. | |||||
| CVE-2025-26995 | | | 2025-02-25 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21. | |||||
