Total
7119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56273 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-02-25 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | |||||
| CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | |||||
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | |||||
| CVE-2024-12071 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | |||||
| CVE-2024-13364 | 1 Raptive | 1 Raptive Ads | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files. | |||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 6.5 MEDIUM |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2024-13520 | 1 Codemenschen | 1 Gift Vouchers | 2025-02-25 | N/A | 5.3 MEDIUM |
| The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | |||||
| CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2025-02-25 | N/A | 5.3 MEDIUM |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items. | |||||
| CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | |||||
| CVE-2025-1483 | 1 Wwexgroup | 1 Ltl Freight Quotes | 2025-02-25 | N/A | 5.3 MEDIUM |
| The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings. | |||||
| CVE-2023-20955 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | |||||
| CVE-2025-22787 | 1 Bplugins | 1 Button Block | 2025-02-25 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | |||||
| CVE-2025-27000 | 2025-02-25 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0. | |||||
| CVE-2025-26995 | 2025-02-25 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21. | |||||
| CVE-2025-26983 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.4.3. | |||||
| CVE-2025-26975 | 2025-02-25 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3. | |||||
| CVE-2025-26960 | 2025-02-25 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9. | |||||
| CVE-2025-26948 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||||
| CVE-2025-26928 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through 3.0.2. | |||||
| CVE-2023-21029 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
| In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898 | |||||