Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33983 | 1 Briarproject | 1 Briar | 2025-01-16 | N/A | 7.4 HIGH |
| The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | |||||
| CVE-2023-5611 | 1 S-sols | 1 Seraphinite Accelerator | 2025-01-16 | N/A | 5.3 MEDIUM |
| The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | |||||
| CVE-2024-3711 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | 4.3 MEDIUM |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access or above, to enable/disable the Brizy editor and modify the template used. | |||||
| CVE-2024-1937 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | 7.1 HIGH |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript. | |||||
| CVE-2024-1388 | 1 Wpmoose | 1 Yuki | 2025-01-16 | N/A | 4.3 MEDIUM |
| The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings. | |||||
| CVE-2024-6455 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-01-16 | N/A | 5.3 MEDIUM |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items. | |||||
| CVE-2024-1779 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2025-01-16 | N/A | 5.3 MEDIUM |
| The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages. | |||||
| CVE-2024-1778 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2025-01-16 | N/A | 4.3 MEDIUM |
| The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses. | |||||
| CVE-2024-12427 | 2025-01-16 | N/A | 5.3 MEDIUM | ||
| The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images. | |||||
| CVE-2024-1125 | 1 Metagauss | 1 Eventprime | 2025-01-15 | N/A | 6.5 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | |||||
| CVE-2024-1124 | 1 Metagauss | 1 Eventprime | 2025-01-15 | N/A | 4.3 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site. | |||||
| CVE-2024-1123 | 1 Metagauss | 1 Eventprime | 2025-01-15 | N/A | 6.5 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled. | |||||
| CVE-2024-1687 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | N/A | 5.4 MEDIUM |
| The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2024-1686 | 1 Villatheme | 1 Woocommerce Thank You Page Customizer | 2025-01-15 | N/A | 5.3 MEDIUM |
| The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII. | |||||
| CVE-2024-3553 | 1 Themeum | 1 Tutor Lms | 2025-01-15 | N/A | 6.5 MEDIUM |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled. | |||||
| CVE-2024-1502 | 1 Themeum | 1 Tutor Lms | 2025-01-15 | N/A | 5.4 MEDIUM |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | |||||
| CVE-2024-1133 | 1 Themeum | 1 Tutor Lms | 2025-01-15 | N/A | 4.3 MEDIUM |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses. | |||||
| CVE-2024-1127 | 1 Metagauss | 1 Eventprime | 2025-01-15 | N/A | 4.3 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII. | |||||
| CVE-2024-1126 | 1 Metagauss | 1 Eventprime | 2025-01-15 | N/A | 5.3 MEDIUM |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event. | |||||
| CVE-2024-4205 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-15 | N/A | 4.3 MEDIUM |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve Elementor template data. | |||||