Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12610 | 2025-03-07 | N/A | 5.3 MEDIUM | ||
| The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts. | |||||
| CVE-2025-1309 | 2025-03-07 | N/A | 8.8 HIGH | ||
| The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13655 | 2025-03-07 | N/A | 8.1 HIGH | ||
| The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. | |||||
| CVE-2024-13526 | 2025-03-07 | N/A | 4.3 MEDIUM | ||
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download list of attendees for any event. | |||||
| CVE-2025-2042 | 2025-03-06 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in huang-yk student-manage 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-56225 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-03-06 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56. | |||||
| CVE-2021-4445 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-03-06 | N/A | 6.5 MEDIUM |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the pa_dismiss_admin_notice AJAX action. This makes it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. | |||||
| CVE-2022-47478 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47477 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47475 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47474 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2023-45272 | 1 10web | 1 Map Builder For Google Maps | 2025-03-06 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | |||||
| CVE-2023-47807 | 1 10web | 1 10webanalytics | 2025-03-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. | |||||
| CVE-2023-4059 | 1 Cozmoslabs | 1 Profile Builder | 2025-03-06 | N/A | 4.3 MEDIUM |
| The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog | |||||
| CVE-2022-47479 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2022-47476 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-06 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||
| CVE-2024-10860 | 1 Xlplugins | 1 Nextmove | 2025-03-06 | N/A | 4.3 MEDIUM |
| The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site. | |||||
| CVE-2025-1666 | 2025-03-06 | N/A | 4.3 MEDIUM | ||
| The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website. | |||||
| CVE-2022-47483 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2022-47482 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-05 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||