Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. | |||||
| CVE-2024-43956 | 1 Caseproof | 1 Memberpress | 2024-11-08 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. | |||||
| CVE-2024-43937 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-08 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | |||||
| CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2024-11-08 | N/A | 8.6 HIGH |
| Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | |||||
| CVE-2024-7429 | 1 Katieseaborn | 1 Zotpress | 2024-11-08 | N/A | 4.3 MEDIUM |
| The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings. | |||||
| CVE-2024-50456 | 1 Seopress | 1 Seopress | 2024-11-07 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | |||||
| CVE-2024-50455 | 1 Seopress | 1 Seopress | 2024-11-07 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | |||||
| CVE-2024-49367 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | N/A | 7.5 HIGH |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue. | |||||
| CVE-2024-50459 | 1 Hmplugin | 1 Aidwp | 2024-11-06 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | |||||
| CVE-2024-9109 | 1 Octolize | 1 Woocommerce Ups Shipping | 2024-11-06 | N/A | 4.3 MEDIUM |
| The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_oauth_data function in all versions up to, and including, 2.3.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's API key. | |||||
| CVE-2024-43924 | 1 Dfactory | 1 Responsive Lightbox | 2024-11-06 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7. | |||||
| CVE-2024-9686 | 1 Choplugins | 1 Order Notification For Telegram | 2024-11-06 | N/A | 5.3 MEDIUM |
| The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings. | |||||
| CVE-2024-49357 | 1 Zimaspace | 1 Zimaos | 2024-11-06 | N/A | 7.5 HIGH |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/system.json`, expose sensitive data like installed applications and system information without requiring any authentication or authorization. This sensitive data leak can be exploited by attackers to gain detailed knowledge about the system setup, installed applications, and other critical information. As of time of publication, no known patched versions are available. | |||||
| CVE-2024-48932 | 1 Zimaspace | 1 Zimaos | 2024-11-06 | N/A | 5.3 MEDIUM |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be exploited by an attacker to enumerate usernames and leverage them for further attacks, such as brute-force or phishing campaigns. As of time of publication, no known patched versions are available. | |||||
| CVE-2024-43219 | 2024-11-05 | N/A | N/A | ||
| Missing Authorization vulnerability in ??????? ????? Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. | |||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-05 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16. | |||||
| CVE-2024-9584 | 1 Webcraftplugins | 1 Image Map Pro | 2024-11-05 | N/A | 5.4 MEDIUM |
| The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects. | |||||
| CVE-2023-51494 | 1 Woocommerce | 1 Product Vendors | 2024-11-05 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. | |||||
| CVE-2024-31243 | 1 Bricksforge | 1 Bricksforge | 2024-11-05 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | |||||
| CVE-2024-31244 | 1 Bricksforge | 1 Bricksforge | 2024-11-05 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. | |||||