Total
4661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-12201 | 1 Hashthemes | 1 Hash Form | 2025-02-27 | N/A | 4.3 MEDIUM |
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles. | |||||
CVE-2023-37967 | 1 Designinvento | 1 Directorypress | 2025-02-27 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DirectoryPress: from n/a through 3.6.2. | |||||
CVE-2023-5454 | 1 Templately | 1 Templately | 2025-02-26 | N/A | 7.5 HIGH |
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | |||||
CVE-2023-21021 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-255537598 | |||||
CVE-2023-21005 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193946 | |||||
CVE-2023-21004 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193664 | |||||
CVE-2023-21003 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193711 | |||||
CVE-2023-21001 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-237672190 | |||||
CVE-2024-32818 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-26 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. | |||||
CVE-2024-32824 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-26 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Evergreen Content Poster. This issue affects Evergreen Content Poster: from n/a through 1.4.2. | |||||
CVE-2023-21002 | 1 Google | 1 Android | 2025-02-26 | N/A | 7.8 HIGH |
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-261193935 | |||||
CVE-2022-4148 | 1 Dash10 | 1 Oauth Server | 2025-02-26 | N/A | 4.3 MEDIUM |
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client. | |||||
CVE-2022-45636 | 1 Megafeis | 1 Bofei Dbd+ | 2025-02-26 | N/A | 8.1 HIGH |
An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an attacker to unlock model(s) without authorization via arbitrary API requests. | |||||
CVE-2025-1249 | | | 2025-02-26 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Events Manager: from n/a through 6.6.4.1. | |||||
CVE-2024-27900 | 1 Sap | 1 Abap Platform | 2025-02-26 | N/A | 4.3 MEDIUM |
Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner. | |||||
CVE-2024-9628 | 1 10web | 1 Wps Telegram Chat | 2025-02-26 | N/A | 6.3 MEDIUM |
The WPS Telegram Chat plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Wps_Telegram_Chat_Admin::checkСonnection' function in versions up to, and including, 4.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the Telegram Bot API endpoint and communicate with it. | |||||
CVE-2025-1091 | | | 2025-02-26 | N/A | 4.3 MEDIUM |
A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known. | |||||
CVE-2024-9697 | 1 Wpsocialrocket | 1 Social Rocket | 2025-02-25 | N/A | 5.3 MEDIUM |
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | |||||
CVE-2024-56273 | 1 Wpvivid | 1 Migration, Backup, Staging | 2025-02-25 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | |||||
CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP. This issue affects GiveWP: from n/a through 2.25.1. |