Total
4643 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1044 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | N/A | 5.3 MEDIUM |
| The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled. | |||||
| CVE-2022-45806 | 1 Strategy11 | 1 Formidable Forms | 2025-02-05 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. | |||||
| CVE-2023-47188 | 1 Presstigers | 1 Simple Job Board | 2025-02-05 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5. | |||||
| CVE-2023-40003 | 1 Wedevs | 1 Wp Project Manager | 2025-02-05 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7. | |||||
| CVE-2024-1539 | 2025-02-05 | N/A | 4.3 MEDIUM | ||
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API. | |||||
| CVE-2024-13335 | 1 Templatescoder | 1 Spexo Addons For Elementor | 2025-02-05 | N/A | 4.3 MEDIUM |
| The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme. | |||||
| CVE-2025-24143 | 1 Apple | 4 Ipados, Macos, Safari and 1 more | 2025-02-04 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. | |||||
| CVE-2025-24116 | 1 Apple | 1 Macos | 2025-02-04 | N/A | 4.4 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences. | |||||
| CVE-2024-24832 | 1 Metagauss | 1 Eventprime | 2025-02-04 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | |||||
| CVE-2024-13368 | 1 Kainelabs | 1 Youzify | 2025-02-04 | N/A | 4.3 MEDIUM |
| The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one. | |||||
| CVE-2024-11936 | 1 Mvpthemes | 1 Zox News | 2025-02-04 | N/A | 8.8 HIGH |
| The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13370 | 1 Kainelabs | 1 Youzify | 2025-02-04 | N/A | 6.5 MEDIUM |
| The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the save_addon_key_license() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options to a value of a valid license key. | |||||
| CVE-2024-13449 | 1 Ibsofts | 1 Boom Fest | 2025-02-04 | N/A | 5.3 MEDIUM |
| The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bf_admin_action' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings that change the appearance of the website. | |||||
| CVE-2024-49596 | 1 Dell | 1 Wyse Management Suite | 2025-02-04 | N/A | 5.9 MEDIUM |
| Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion | |||||
| CVE-2024-45760 | 1 Dell | 1 Openmanage Server Administrator | 2025-02-04 | N/A | 4.3 MEDIUM |
| Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. | |||||
| CVE-2024-6489 | 1 Motopress | 1 Getwid | 2025-02-04 | N/A | 5.3 MEDIUM |
| The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key. | |||||
| CVE-2024-6491 | 1 Motopress | 1 Getwid | 2025-02-04 | N/A | 4.3 MEDIUM |
| The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key. | |||||
| CVE-2024-3213 | 1 Relevanssi | 1 Relevanssi | 2025-02-04 | N/A | 5.3 MEDIUM |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS. | |||||
| CVE-2024-33647 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. | |||||
| CVE-2024-3607 | 1 Wp-property-hive | 1 Propertyhive | 2025-02-04 | N/A | 4.3 MEDIUM |
| The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts | |||||