Total
4661 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22272 | 2024-12-02 | N/A | 4.9 MEDIUM | ||
| VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope. | |||||
| CVE-2024-53784 | 2024-12-02 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9. | |||||
| CVE-2024-53708 | 2024-12-02 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1. | |||||
| CVE-2024-31248 | 1 Plugins360 | 1 All-in-one Video Gallery | 2024-12-02 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Team Plugins360 All-in-One Video Gallery.This issue affects All-in-One Video Gallery: from n/a through 3.5.2. | |||||
| CVE-2024-10900 | 1 Metagauss | 1 Profilegrid | 2024-11-29 | N/A | 6.5 MEDIUM |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. . | |||||
| CVE-2024-11918 | 2024-11-28 | N/A | 4.3 MEDIUM | ||
| The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images. | |||||
| CVE-2024-10580 | 2024-11-27 | N/A | 5.3 MEDIUM | ||
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms. | |||||
| CVE-2024-9941 | 1 Mojoomla | 1 Wordpress Gym Management System | 2024-11-26 | N/A | 8.8 HIGH |
| The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role. | |||||
| CVE-2024-11354 | 1 Codelizar | 1 Ultimate Youtube Video \& Shorts Player With Vimeo | 2024-11-26 | N/A | 4.3 MEDIUM |
| The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists. | |||||
| CVE-2024-11334 | 1 Nes360 | 1 My Contador Lesr | 2024-11-26 | N/A | 4.3 MEDIUM |
| The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data. | |||||
| CVE-2024-35669 | 1 Bowo | 1 Debug Log Manager | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1. | |||||
| CVE-2024-35660 | 1 Master-addons | 1 Master Addons | 2024-11-26 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | |||||
| CVE-2022-20941 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to missing authorization for certain resources in the web-based management interface together with insufficient entropy in these resource names. An attacker could exploit this vulnerability by sending a series of HTTPS requests to an affected device to enumerate resources on the device. A successful exploit could allow the attacker to retrieve sensitive information from the device. | |||||
| CVE-2024-31252 | 1 Dfactory | 1 Responsive Lightbox \& Gallery | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6. | |||||
| CVE-2024-31261 | 1 Aakashweb | 1 Announcer | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Aakash Chakravarthy Announcer – Notification & message bars.This issue affects Announcer – Notification & message bars: from n/a through 6.0. | |||||
| CVE-2024-33565 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-11-26 | N/A | 9.1 CRITICAL |
| Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | |||||
| CVE-2024-33572 | 1 Posimyth | 1 Nexter Blocks | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5. | |||||
| CVE-2024-34435 | 1 Coderevolution | 1 Aiomatic | 2024-11-26 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3. | |||||
| CVE-2024-10579 | 2024-11-26 | N/A | 4.3 MEDIUM | ||
| The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms. | |||||
| CVE-2024-10542 | 2024-11-26 | N/A | 9.8 CRITICAL | ||
| The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | |||||