Total
4908 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0516 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | N/A | 5.3 MEDIUM |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata. | |||||
| CVE-2024-0766 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-01-08 | N/A | 4.3 MEDIUM |
| The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates. | |||||
| CVE-2024-0385 | 1 Frenify | 1 Categorify | 2025-01-08 | N/A | 4.3 MEDIUM |
| The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories. | |||||
| CVE-2024-1095 | 1 Themeperch | 1 Build \& Control Block Pattern | 2025-01-08 | N/A | 5.3 MEDIUM |
| The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings. | |||||
| CVE-2024-1178 | 1 Themeboy | 1 Sportspress | 2025-01-08 | N/A | 5.3 MEDIUM |
| The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | |||||
| CVE-2024-24833 | 1 Leevio | 1 Happy Addons For Elementor | 2025-01-08 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Leevio Happy Addons for Elementor.This issue affects Happy Addons for Elementor: from n/a through 3.10.1. | |||||
| CVE-2024-1285 | 1 Pagebuildersandwich | 1 Page Builder Sandwich | 2025-01-08 | N/A | 6.5 MEDIUM |
| The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts. | |||||
| CVE-2024-50417 | 1 Bold-themes | 1 Bold Page Builder | 2025-01-08 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3. | |||||
| CVE-2023-33477 | 1 Harmonicinc | 2 Nsg 9000-6g, Nsg 9000-6g Firmware | 2025-01-08 | N/A | 6.5 MEDIUM |
| In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path. | |||||
| CVE-2023-30863 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48448 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48447 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48446 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2022-48392 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-48391 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | |||||
| CVE-2023-30915 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30914 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30866 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30865 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 5.5 MEDIUM |
| In dialer service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-30864 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||