Total
5093 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-37123 | | | 2024-11-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ibtana: from n/a through 1.2.3.3. | |||||
CVE-2024-43212 | | | 2024-11-01 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WpTravelly: from n/a through 1.7.7. | |||||
CVE-2024-37106 | | | 2024-11-01 | N/A | 8.2 HIGH |
Missing Authorization vulnerability in WishList Products WishList Member X allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WishList Member X: from n/a through 3.26.6. | |||||
CVE-2024-37425 | | | 2024-11-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack Blocks: from n/a through 3.0.8. | |||||
CVE-2024-38744 | | | 2024-11-01 | N/A | 8.3 HIGH |
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS. This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0. | |||||
CVE-2024-37095 | | | 2024-11-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. | |||||
CVE-2024-37214 | | | 2024-11-01 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Dropshipping Guru Ali2Woo Lite allows Exploiting Incorrectly Configured Access Control Security Levels, Stored XSS. This issue affects Ali2Woo Lite: from n/a through 3.3.5. | |||||
CVE-2024-37443 | | | 2024-11-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | |||||
CVE-2024-37250 | | | 2024-11-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. | |||||
CVE-2024-9361 | 1 Giuliopanda | 1 Bulk Images Optimizer | 2024-11-01 | N/A | 4.3 MEDIUM |
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. | |||||
CVE-2024-50421 | | | 2024-11-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. | |||||
CVE-2024-50428 | | | 2024-11-01 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multi Step Form: from n/a through 1.7.21. | |||||
CVE-2024-50454 | | | 2024-11-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through 8.1.1. | |||||
CVE-2024-50422 | | | 2024-11-01 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through 2.1.14. | |||||
CVE-2024-50423 | | | 2024-11-01 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templately: from n/a through 3.1.5. | |||||
CVE-2024-50424 | | | 2024-11-01 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templately: from n/a through 3.1.5. | |||||
CVE-2024-10399 | | | 2024-11-01 | N/A | 4.3 MEDIUM |
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | |||||
CVE-2024-42934 | | | 2024-10-31 | N/A | 5.0 MEDIUM |
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | |||||
CVE-2024-20463 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | |||||
CVE-2020-36840 | 1 Motopress | 1 Timetable And Event Schedule | 2024-10-30 | N/A | 7.3 HIGH |
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions, such as including a random template, injecting malicious web scripts, and more. |