Total
4639 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2025-02-25 | N/A | 5.3 MEDIUM |
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability check on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items. | |||||
CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | |||||
CVE-2025-1483 | 1 Wwexgroup | 1 Ltl Freight Quotes | 2025-02-25 | N/A | 5.3 MEDIUM |
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings. | |||||
CVE-2023-20955 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-258653813 | |||||
CVE-2025-22787 | 1 Bplugins | 1 Button Block | 2025-02-25 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through 1.1.5. | |||||
CVE-2025-27000 | | | 2025-02-25 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in George Pattichis Simple Photo Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Photo Feed: from n/a through 1.4.0. | |||||
CVE-2025-26995 | | | 2025-02-25 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Anton Vanyukov Market Exporter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Market Exporter: from n/a through 2.0.21. | |||||
CVE-2025-26983 | | | 2025-02-25 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.4.3. | |||||
CVE-2025-26975 | | | 2025-02-25 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3. | |||||
CVE-2025-26960 | | | 2025-02-25 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9. | |||||
CVE-2025-26948 | | | 2025-02-25 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | |||||
CVE-2025-26928 | | | 2025-02-25 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through 3.0.2. | |||||
CVE-2023-21029 | 1 Google | 1 Android | 2025-02-25 | N/A | 5.5 MEDIUM |
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-217934898 | |||||
CVE-2025-1402 | 1 Theeventscalendar | 1 Event Tickets | 2025-02-25 | N/A | 5.3 MEDIUM |
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary Attendee tickets. | |||||
CVE-2024-13653 | 1 Mvpthemes | 1 Zoxpress | 2025-02-25 | N/A | 8.8 HIGH |
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
CVE-2024-12164 | 1 Creativewerkdesigns | 1 Wpsyncsheets | 2025-02-25 | N/A | 4.3 MEDIUM |
The WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsslwp_reset_settings() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's settings. | |||||
CVE-2024-13554 | 1 Wpextended | 1 Wp Extended | 2025-02-25 | N/A | 5.3 MEDIUM |
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reorder_route() function in all versions up to, and including, 3.0.13. This makes it possible for unauthenticated attackers to reorder posts. | |||||
CVE-2024-13541 | 1 Adirectory | 1 Adirectory | 2025-02-25 | N/A | 4.3 MEDIUM |
The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | |||||
CVE-2024-13513 | 1 Oliverpos | 1 Oliver Pos | 2025-02-25 | N/A | 9.8 CRITICAL |
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable. | |||||
CVE-2025-1644 | | | 2025-02-25 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 1.2.1 is able to address this issue. It is recommended to upgrade the affected component. |