Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27296 | 2025-02-24 | N/A | 7.2 HIGH | ||
| Missing Authorization vulnerability in revenueflex Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue: from n/a through 1.5. | |||||
| CVE-2025-27294 | 2025-02-24 | N/A | 4.8 MEDIUM | ||
| Missing Authorization vulnerability in platcom WP-Asambleas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-Asambleas: from n/a through 2.85.0. | |||||
| CVE-2025-26883 | 2025-02-24 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through 1.0.7. | |||||
| CVE-2024-13439 | 1 Techlabpro | 1 Team | 2025-02-24 | N/A | 4.3 MEDIUM |
| The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | |||||
| CVE-2024-13752 | 1 Wedevs | 1 Wp Project Manager | 2025-02-24 | N/A | 6.5 MEDIUM |
| The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check in the '/pm/v2/settings/notice' endpoint all versions up to, and including, 2.6.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cause a persistent denial of service condition. | |||||
| CVE-2025-0935 | 1 Maxfoundry | 1 Media Library Folders | 2025-02-24 | N/A | 4.3 MEDIUM |
| The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking. | |||||
| CVE-2025-26764 | 2025-02-22 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. | |||||
| CVE-2025-26750 | 2025-02-22 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in appsbd Vitepos allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Vitepos: from n/a through 3.1.3. | |||||
| CVE-2025-1557 | 2025-02-22 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-33558 | 1 8theme | 1 Xstore Core | 2025-02-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.5. | |||||
| CVE-2023-20959 | 1 Google | 1 Android | 2025-02-21 | N/A | 7.8 HIGH |
| In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | |||||
| CVE-2024-13677 | 1 Istmoplugins | 1 Get Bookings Wp | 2025-02-21 | N/A | 8.8 HIGH |
| The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | |||||
| CVE-2024-13687 | 1 Webdevocean | 1 Team Builder | 2025-02-21 | N/A | 4.3 MEDIUM |
| The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | |||||
| CVE-2024-13651 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2025-02-21 | N/A | 4.3 MEDIUM |
| The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_deactivate() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset some of the plugin's settings. | |||||
| CVE-2024-13556 | 1 Wecantrack | 1 Affiliate Links | 2025-02-21 | N/A | 8.1 HIGH |
| The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | |||||
| CVE-2025-0939 | 1 Dcooperman | 1 Magicform | 2025-02-21 | N/A | 6.3 MEDIUM |
| The MagicForm plugin for WordPress is vulnerable to access and modification of data due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to invoke those actions in order to delete or view logs, modify forms or modify plugin settings. | |||||
| CVE-2024-12825 | 1 Brechtvds | 1 Custom Related Posts | 2025-02-21 | N/A | 5.4 MEDIUM |
| The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link/unlink relations. | |||||
| CVE-2024-13316 | 1 Akashmalik | 1 Scracth \& Win | 2025-02-21 | N/A | 5.3 MEDIUM |
| The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons. | |||||
| CVE-2024-13783 | 1 Ncrafts | 1 Formcraft | 2025-02-21 | N/A | 4.3 MEDIUM |
| The FormCraft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in formcraft-main.php in all versions up to, and including, 3.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export all plugin data which may contain sensitive information from form submissions. | |||||
| CVE-2024-33570 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2025-02-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3. | |||||