Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23887 | 2024-12-09 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0. | |||||
| CVE-2023-23886 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7. | |||||
| CVE-2023-23868 | 2024-12-09 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6. | |||||
| CVE-2023-23823 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8. | |||||
| CVE-2023-23814 | 2024-12-09 | N/A | 3.8 LOW | ||
| Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13. | |||||
| CVE-2023-23725 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | |||||
| CVE-2023-23716 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4. | |||||
| CVE-2023-22708 | 2024-12-09 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7. | |||||
| CVE-2024-12253 | 2024-12-07 | N/A | 5.4 MEDIUM | ||
| The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). | |||||
| CVE-2024-7894 | 2024-12-07 | N/A | 5.3 MEDIUM | ||
| The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. | |||||
| CVE-2024-12026 | 2024-12-07 | N/A | 4.3 MEDIUM | ||
| The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. | |||||
| CVE-2024-11353 | 2024-12-07 | N/A | 4.3 MEDIUM | ||
| The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. | |||||
| CVE-2024-54679 | 2024-12-06 | N/A | 4.3 MEDIUM | ||
| CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | |||||
| CVE-2024-53826 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. | |||||
| CVE-2024-53813 | 2024-12-06 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. | |||||
| CVE-2024-53810 | 2024-12-06 | N/A | 9.1 CRITICAL | ||
| Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5. | |||||
| CVE-2024-53806 | 2024-12-06 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. | |||||
| CVE-2024-53799 | 2024-12-06 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. | |||||
| CVE-2024-53795 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8. | |||||
| CVE-2024-9706 | 2024-12-06 | N/A | 5.3 MEDIUM | ||
| The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. | |||||