Total
4641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50898 | 1 Sirv | 1 Sirv | 2025-02-09 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. | |||||
| CVE-2024-52480 | 1 Astoundify | 1 Jobify | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | |||||
| CVE-2024-13698 | 1 Astoundify | 1 Jobify | 2025-02-07 | N/A | 6.5 MEDIUM |
| The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key. | |||||
| CVE-2024-3268 | 1 Emarketdesign | 1 Youtube Video Gallery | 2025-02-07 | N/A | 5.3 MEDIUM |
| The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages. | |||||
| CVE-2023-30521 | 1 Jenkins | 1 Assembla Merge Request Builder | 2025-02-07 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30518 | 1 Jenkins | 1 Thycotic Secret Server | 2025-02-07 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2020-36831 | 1 Nextscripts | 1 Social Networks Auto Poster | 2025-02-07 | N/A | 5.0 MEDIUM |
| The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to a administrative-level user. | |||||
| CVE-2024-10537 | 1 Wpusermanager | 1 Wp User Manager | 2025-02-07 | N/A | 4.3 MEDIUM |
| The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys. | |||||
| CVE-2024-10216 | 1 Wpusermanager | 1 Wp User Manager | 2025-02-07 | N/A | 4.3 MEDIUM |
| The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed. | |||||
| CVE-2023-30532 | 1 Jenkins | 1 Turboscript | 2025-02-07 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2023-30526 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 6.5 MEDIUM |
| A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
| CVE-2023-30522 | 1 Jenkins | 1 Fogbugz | 2025-02-07 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. | |||||
| CVE-2023-30519 | 1 Jenkins | 1 Quay.io Trigger | 2025-02-07 | N/A | 5.3 MEDIUM |
| A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
| CVE-2024-30235 | 1 Themeisle | 1 Multiple Page Generator | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. | |||||
| CVE-2024-43162 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.2.12. | |||||
| CVE-2023-40005 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. | |||||
| CVE-2024-1053 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | N/A | 4.3 MEDIUM |
| The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves. | |||||
| CVE-2024-37463 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-07 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5. | |||||
| CVE-2025-24753 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1. | |||||
| CVE-2025-25120 | 2025-02-07 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | |||||