Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21396 | 1 Microsoft | 1 Account | 2025-02-12 | N/A | 8.2 HIGH |
| Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2024-4427 | 1 Comparisonslider | 1 Comparison Slider | 2025-02-12 | N/A | 4.3 MEDIUM |
| The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugin settings and perform other actions such deleting sliders. | |||||
| CVE-2023-0805 | 1 Gitlab | 1 Gitlab | 2025-02-12 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | |||||
| CVE-2023-4947 | 1 Yanco | 1 Woocommerce Ean Payment Gateway | 2025-02-12 | N/A | 4.3 MEDIUM |
| The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders. | |||||
| CVE-2025-26377 | 2025-02-12 | N/A | 8.1 HIGH | ||
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests. | |||||
| CVE-2025-26374 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | |||||
| CVE-2025-26373 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
| A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests. | |||||
| CVE-2025-26372 | 2025-02-12 | N/A | 7.1 HIGH | ||
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests. | |||||
| CVE-2025-26370 | 2025-02-12 | N/A | 7.1 HIGH | ||
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests. | |||||
| CVE-2025-26369 | 2025-02-12 | N/A | 8.8 HIGH | ||
| A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests. | |||||
| CVE-2024-45461 | 1 Apache | 1 Cloudstack | 2025-02-12 | N/A | 5.7 MEDIUM |
| The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false". | |||||
| CVE-2023-32295 | 2025-02-11 | N/A | 6.3 MEDIUM | ||
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | |||||
| CVE-2024-12370 | 1 Thimpress | 1 Wp Hotel Booking | 2025-02-11 | N/A | 5.3 MEDIUM |
| The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices. | |||||
| CVE-2023-40203 | 1 Mailmunch | 1 Mailchimp Forms | 2025-02-11 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4. | |||||
| CVE-2024-1860 | 1 Billminozzi | 1 Anti Hacker | 2025-02-11 | N/A | 6.5 MEDIUM |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection | |||||
| CVE-2024-1516 | 1 Zao | 1 Wp Ecommerce | 2025-02-11 | N/A | 5.3 MEDIUM |
| The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content. | |||||
| CVE-2025-24596 | 1 Wcproducttable | 1 Woocommerce Product Table | 2025-02-11 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.8.7. | |||||
| CVE-2024-1368 | 1 Samuelkwle | 1 Page Duplicator | 2025-02-11 | N/A | 5.3 MEDIUM |
| The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages. | |||||
| CVE-2025-25167 | 1 Blackandwhitedigital | 1 Bookpress | 2025-02-11 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7. | |||||
| CVE-2020-9009 | 1 Shipstation | 1 Shipstation | 2025-02-11 | N/A | 3.7 LOW |
| The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number. | |||||