Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9361 | 1 Giuliopanda | 1 Bulk Images Optimizer | 2024-11-01 | N/A | 4.3 MEDIUM |
| The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. | |||||
| CVE-2024-33547 | 1 Aa-team | 1 Wzone | 2024-11-01 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2023-52177 | 1 Softlabdb | 1 Integrate Google Drive | 2024-11-01 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | |||||
| CVE-2024-33555 | 1 8theme | 1 Xstore Core | 2024-11-01 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. | |||||
| CVE-2024-33561 | 1 8theme | 1 Xstore | 2024-11-01 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | |||||
| CVE-2024-33563 | 1 8theme | 1 Xstore | 2024-11-01 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | |||||
| CVE-2024-33564 | 1 8theme | 1 Xstore | 2024-11-01 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | |||||
| CVE-2024-33545 | 1 Aa-team | 1 Wzone | 2024-11-01 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. | |||||
| CVE-2024-33543 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-01 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. | |||||
| CVE-2024-31274 | 1 Wpdeveloper | 1 Embedpress | 2024-11-01 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11. | |||||
| CVE-2024-31273 | 1 Wiselyhub | 1 Js Help Desk | 2024-11-01 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3. | |||||
| CVE-2024-31267 | 1 Wpdesk | 1 Flexible Checkout Fields | 2024-11-01 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2. | |||||
| CVE-2024-5770 | 1 Webfactoryltd | 1 Wp Force Ssl | 2024-11-01 | N/A | 4.3 MEDIUM |
| The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings. | |||||
| CVE-2024-5654 | 1 Gsheetconnector | 1 Cf7 Google Sheets Connector | 2024-11-01 | N/A | 6.5 MEDIUM |
| The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES. | |||||
| CVE-2024-50423 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | |||||
| CVE-2024-50422 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14. | |||||
| CVE-2024-10399 | 2024-11-01 | N/A | 4.3 MEDIUM | ||
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | |||||
| CVE-2024-50424 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | |||||
| CVE-2024-50421 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. | |||||
| CVE-2024-50454 | 2024-11-01 | N/A | N/A | ||
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | |||||