Total: 5664 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3268 | 1 Emarketdesign | 1 Youtube Video Gallery | 2025-02-07 | N/A | 5.3 MEDIUM |
| The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages. | |||||
| CVE-2023-30521 | 1 Jenkins | 1 Assembla Merge Request Builder | 2025-02-07 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30518 | 1 Jenkins | 1 Thycotic Secret Server | 2025-02-07 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2020-36831 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | N/A | 5.0 MEDIUM |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including, 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to an administrative-level user. | |||||
| CVE-2024-10537 | 1 Wpusermanager | 1 Wp User Manager | 2025-02-07 | N/A | 4.3 MEDIUM |
| The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys. | |||||
| CVE-2024-10216 | 1 Wpusermanager | 1 Wp User Manager | 2025-02-07 | N/A | 4.3 MEDIUM |
| The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed. | |||||
| CVE-2023-30532 | 1 Jenkins | 1 Turboscript | 2025-02-07 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30526 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
| CVE-2023-30522 | 1 Jenkins | 1 Fogbugz | 2025-02-07 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. | |||||
| CVE-2023-30519 | 1 Jenkins | 1 Quay.io Trigger | 2025-02-07 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2024-30235 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | |||||
| CVE-2024-43162 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12. | |||||
| CVE-2023-40005 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5. | |||||
| CVE-2024-1053 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | N/A | 4.3 MEDIUM |
| The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves. | |||||
| CVE-2024-37463 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5. | |||||
| CVE-2025-24753 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1. | |||||
| CVE-2025-25120 | | | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | |||||
| CVE-2025-25110 | | | 2025-02-07 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. | |||||
| CVE-2025-25081 | | | 2025-02-07 | N/A | 4.2 MEDIUM |
| Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | |||||
| CVE-2024-34389 | 1 Afthemes | 1 Wp Post Author | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in AF themes WP Post Author. This issue affects WP Post Author: from n/a through 3.6.4. | |||||
