Total
5133 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-56217 | 1 W3eden | 1 Download Manager | 2025-03-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03. | |||||
| CVE-2025-24974 | 1 Dataease | 1 Dataease | 2025-03-21 | N/A | 6.5 MEDIUM |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | |||||
| CVE-2023-46628 | 1 Redlettuce | 1 Wp Word Count | 2025-03-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4. | |||||
| CVE-2025-2103 | 1 Irontemplates | 1 Soundrise | 2025-03-21 | N/A | 8.8 HIGH |
| The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2025-2289 | 1 Zozothemes | 1 Zegen | 2025-03-21 | N/A | 4.3 MEDIUM |
| The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options. | |||||
| CVE-2024-56227 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | |||||
| CVE-2024-38783 | 1 Tychesoftwares | 1 Arconix Faq | 2025-03-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4. | |||||
| CVE-2024-38769 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-03-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11. | |||||
| CVE-2023-44472 | 1 Brizy | 1 Unyson | 2025-03-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | |||||
| CVE-2024-23520 | 1 Accessally | 1 Popupally | 2025-03-20 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. | |||||
| CVE-2023-2414 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-03-20 | N/A | 5.4 MEDIUM |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2). | |||||
| CVE-2024-22298 | 1 Tms-outsource | 1 Amelia | 2025-03-20 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | |||||
| CVE-2025-1508 | 1 Themeum | 1 Wp Crowdfunding | 2025-03-20 | N/A | 5.3 MEDIUM |
| The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed. | |||||
| CVE-2024-34799 | 1 Reputeinfosystems | 1 Bookingpress | 2025-03-20 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | |||||
| CVE-2024-1763 | 1 Wpmet | 1 Wp Social Login And Register Social Counter | 2025-03-20 | N/A | 6.5 MEDIUM |
| The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features. | |||||
| CVE-2023-35051 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-19 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. | |||||
| CVE-2024-43331 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. | |||||
| CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | |||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | |||||
| CVE-2024-40852 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-19 | N/A | 5.3 MEDIUM |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access. | |||||