Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1861 | 1 Billminozzi | 1 Anti Hacker | 2025-01-27 | N/A | 4.3 MEDIUM |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table. | |||||
| CVE-2024-1389 | 1 Cozmoslabs | 1 Membership \& Content Restriction - Paid Member Subscriptions | 2025-01-27 | N/A | 5.3 MEDIUM |
| The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys. | |||||
| CVE-2025-24747 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. | |||||
| CVE-2025-24744 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3. | |||||
| CVE-2025-24743 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2. | |||||
| CVE-2025-24734 | 2025-01-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7. | |||||
| CVE-2025-24653 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1. | |||||
| CVE-2025-24606 | 2025-01-27 | N/A | 6.4 MEDIUM | ||
| Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1. | |||||
| CVE-2025-24603 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10. | |||||
| CVE-2025-24600 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5. | |||||
| CVE-2025-24590 | 2025-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0. | |||||
| CVE-2025-23982 | 2025-01-27 | N/A | 7.1 HIGH | ||
| Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1. | |||||
| CVE-2025-23849 | 2025-01-27 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18. | |||||
| CVE-2025-23656 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0. | |||||
| CVE-2025-23529 | 2025-01-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5. | |||||
| CVE-2025-24754 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0. | |||||
| CVE-2025-24584 | 2025-01-27 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0. | |||||
| CVE-2024-10574 | 2025-01-26 | N/A | 7.2 HIGH | ||
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-12826 | 2025-01-25 | N/A | 4.3 MEDIUM | ||
| The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings. | |||||
| CVE-2024-12113 | 2025-01-25 | N/A | 4.3 MEDIUM | ||
| The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews. | |||||