Vulnerabilities (CVE)

Filtered by CWE-862
Total 4673 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-55991 2024-12-31 N/A 6.5 MEDIUM
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through 3.2.9.1.
CVE-2023-50850 2024-12-31 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.
CVE-2023-48775 2024-12-31 N/A 5.3 MEDIUM
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cleanfix: from n/a through 5.6.2.
CVE-2024-56234 2024-12-31 N/A 5.4 MEDIUM
Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Automobile Lite: from n/a through 2.1.
CVE-2024-56225 2024-12-31 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Premium Addons for Elementor: from n/a through 4.10.56.
CVE-2024-56219 2024-12-31 N/A 4.3 MEDIUM
Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.6.1.
CVE-2024-56215 2024-12-31 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Member Directory and Contact Form: from n/a through 1.7.0.
CVE-2024-56211 2024-12-31 N/A 8.8 HIGH
Missing Authorization vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9.
CVE-2023-35149 1 Jenkins 1 Digital.ai App Management Publisher 2024-12-30 N/A 6.5 MEDIUM
A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.
CVE-2024-0984 1 Imagerecycle 1 Imagerecycle Pdf & Image Compression 2024-12-27 N/A 4.3 MEDIUM
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.
CVE-2024-0983 1 Imagerecycle 1 Imagerecycle Pdf & Image Compression 2024-12-27 N/A 4.3 MEDIUM
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.
CVE-2024-1091 1 Imagerecycle 1 Imagerecycle Pdf & Image Compression 2024-12-27 N/A 4.3 MEDIUM
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.
CVE-2024-1090 1 Imagerecycle 1 Imagerecycle Pdf & Image Compression 2024-12-27 N/A 4.3 MEDIUM
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
CVE-2024-1089 1 Imagerecycle 1 Imagerecycle Pdf & Image Compression 2024-12-27 N/A 4.3 MEDIUM
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.
CVE-2023-36504 1 Bbsetheme 1 Bbs E-popup 2024-12-26 N/A 6.5 MEDIUM
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup. This issue affects BBS e-Popup: from n/a through 2.4.5.
CVE-2024-11281 2024-12-25 N/A 9.8 CRITICAL
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account.
CVE-2024-12413 2024-12-25 N/A 5.3 MEDIUM
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00. This makes it possible for unauthenticated attackers to delete users, update settings, approve users, and more.
CVE-2024-12190 2024-12-25 N/A 4.3 MEDIUM
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including, 2.17.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all form submissions from other users.
CVE-2024-12881 2024-12-24 N/A 8.8 HIGH
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally.
CVE-2024-12594 2024-12-24 N/A 8.8 HIGH
The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit Login Attempts – Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as other users such as subscribers.