Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28004 | 1 Extendthemes | 1 Colibri Page Builder | 2025-01-28 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | |||||
| CVE-2022-48388 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2022-44433 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 7.8 HIGH |
| In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | |||||
| CVE-2024-1108 | 1 Davidcramer | 1 Plugin Groups | 2025-01-28 | N/A | 6.5 MEDIUM |
| The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration. | |||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | |||||
| CVE-2024-1861 | 1 Billminozzi | 1 Anti Hacker | 2025-01-27 | N/A | 4.3 MEDIUM |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table. | |||||
| CVE-2024-1389 | 1 Cozmoslabs | 1 Membership \& Content Restriction - Paid Member Subscriptions | 2025-01-27 | N/A | 5.3 MEDIUM |
| The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys. | |||||
| CVE-2025-24747 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. | |||||
| CVE-2025-24744 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. | |||||
| CVE-2025-24743 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2. | |||||
| CVE-2025-24734 | 2025-01-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7. | |||||
| CVE-2025-24653 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1. | |||||
| CVE-2025-24606 | 2025-01-27 | N/A | 6.4 MEDIUM | ||
| Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1. | |||||
| CVE-2025-24603 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10. | |||||
| CVE-2025-24600 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5. | |||||
| CVE-2025-24590 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0. | |||||
| CVE-2025-23982 | 2025-01-27 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1. | |||||
| CVE-2025-23849 | 2025-01-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18. | |||||
| CVE-2025-23656 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0. | |||||
| CVE-2025-23529 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5. | |||||