Total
4622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1766 | 2025-03-20 | N/A | 5.3 MEDIUM | ||
| The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss. | |||||
| CVE-2023-35051 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-19 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. | |||||
| CVE-2024-43331 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. | |||||
| CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | |||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | |||||
| CVE-2024-40852 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-19 | N/A | 5.3 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access. | |||||
| CVE-2023-38475 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2025-03-19 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | |||||
| CVE-2023-29429 | 1 Wpeverest | 1 User Registration | 2025-03-19 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1. | |||||
| CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | |||||
| CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-38385 | 1 Artbees | 1 Jupiter X Core | 2025-03-19 | N/A | 8.3 HIGH |
| Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0. | |||||
| CVE-2024-12920 | 2025-03-19 | N/A | 8.8 HIGH | ||
| The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options. | |||||
| CVE-2024-13412 | 2025-03-19 | N/A | 7.5 HIGH | ||
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | |||||
| CVE-2024-12922 | 2025-03-19 | N/A | 9.8 CRITICAL | ||
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-2290 | 2025-03-19 | N/A | 5.3 MEDIUM | ||
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up to, and including, 8.0.1. This makes it possible for unauthenticated attackers to change status to "Trash" for every published post, therefore limiting the availability of the website's content. | |||||
| CVE-2025-0526 | 2025-03-18 | N/A | N/A | ||
| In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows. | |||||
| CVE-2024-31813 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | N/A | 8.4 HIGH |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | |||||
| CVE-2023-36681 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2. | |||||
| CVE-2024-27953 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 4.7 MEDIUM |
| Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. | |||||
| CVE-2025-24108 | 1 Apple | 1 Macos | 2025-03-18 | N/A | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. | |||||