Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3213 | 1 Relevanssi | 1 Relevanssi | 2025-02-04 | N/A | 5.3 MEDIUM |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS. | |||||
| CVE-2024-33647 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. | |||||
| CVE-2024-3607 | 1 Wp-property-hive | 1 Propertyhive | 2025-02-04 | N/A | 4.3 MEDIUM |
| The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts | |||||
| CVE-2024-50967 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | |||||
| CVE-2023-1414 | 1 Rextheme | 1 Wp Vr | 2025-02-04 | N/A | 4.3 MEDIUM |
| The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours | |||||
| CVE-2023-49831 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0. | |||||
| CVE-2024-32682 | 1 Bdthemes | 1 Prime Slider | 2025-02-04 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |||||
| CVE-2024-32681 | 1 Bdthemes | 1 Prime Slider | 2025-02-04 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. | |||||
| CVE-2025-22696 | 2025-02-04 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0. | |||||
| CVE-2024-13529 | 2025-02-04 | N/A | 6.5 MEDIUM | ||
| The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system. | |||||
| CVE-2024-25935 | 1 Metagauss | 1 Registrationmagic | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | |||||
| CVE-2024-46450 | 2025-02-03 | N/A | 8.1 HIGH | ||
| Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2024-33595 | 1 Master-addons | 1 Master Addons | 2025-02-03 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |||||
| CVE-2024-57682 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. | |||||
| CVE-2024-11134 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data. | |||||
| CVE-2024-11133 | 2025-02-03 | N/A | 5.3 MEDIUM | ||
| The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets. | |||||
| CVE-2024-33912 | 1 Kodezen | 1 Academy Lms | 2025-02-03 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. | |||||
| CVE-2023-33321 | 1 Metagauss | 1 Eventprime | 2025-02-03 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6. | |||||
| CVE-2025-24697 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5. | |||||
| CVE-2025-24643 | 2025-02-03 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | |||||