Total
4643 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22681 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | |||||
| CVE-2025-22677 | 2025-02-03 | N/A | 4.8 MEDIUM | ||
| Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. | |||||
| CVE-2025-22260 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. | |||||
| CVE-2024-50500 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2. | |||||
| CVE-2023-23715 | 1 Ultimatemember | 1 Jobboardwp | 2025-02-03 | N/A | 5.2 MEDIUM |
| Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2. | |||||
| CVE-2024-53816 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. | |||||
| CVE-2024-57726 | 1 Simple-help | 1 Simplehelp | 2025-01-31 | N/A | 9.9 CRITICAL |
| SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | |||||
| CVE-2018-9406 | 1 Google | 1 Android | 2025-01-31 | N/A | 5.5 MEDIUM |
| In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-12104 | 1 Atarim | 1 Visual Website Collaboration\, Feedback \& Project Management | 2025-01-31 | N/A | 5.3 MEDIUM |
| The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files. | |||||
| CVE-2024-11583 | 1 Visualmodo | 1 Borderless | 2025-01-31 | N/A | 4.3 MEDIUM |
| The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including, 1.5.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete icon fonts that were previously uploaded. | |||||
| CVE-2024-12269 | 1 Wpmessiah | 1 Safe Ai Malware Protection For Wp | 2025-01-31 | N/A | 7.5 HIGH |
| The Safe Ai Malware Protection for WP plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db() function in all versions up to, and including, 1.0.17. This makes it possible for unauthenticated attackers to retrieve a complete dump of the site's database. | |||||
| CVE-2024-30487 | 1 Sonaar | 1 Mp3 Audio Player For Music\, Radio \& Podcast | 2025-01-31 | N/A | 7.6 HIGH |
| Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.1. | |||||
| CVE-2024-24718 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-31 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6. | |||||
| CVE-2024-13652 | 1 Ecpay | 1 Ecpay Ecommerce For Woocommerce | 2025-01-31 | N/A | 4.3 MEDIUM |
| The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files. | |||||
| CVE-2023-45765 | 1 Wedevs | 1 Wp Erp | 2025-01-31 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6. | |||||
| CVE-2024-0593 | 1 Presstigers | 1 Simple Job Board | 2025-01-31 | N/A | 5.3 MEDIUM |
| The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. | |||||
| CVE-2024-13312 | 2025-01-31 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | |||||
| CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.7 LOW |
| In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | |||||
| CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | N/A | 3.1 LOW |
| In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | |||||
| CVE-2022-45351 | 1 Muffingroup | 1 Betheme | 2025-01-31 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 26.6.1. | |||||