Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-9067 | 1 Kainelabs | 1 Youzify | 2024-10-15 | N/A | 4.3 MEDIUM |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' function in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary attachments. | |||||
CVE-2024-9685 | 1 Andreamarinucci | 1 Notification For Telegram | 2024-10-15 | N/A | 4.3 MEDIUM |
The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send a test message via the Telegram Bot API to all users configured in the settings. | |||||
CVE-2024-9065 | 1 Matbao | 1 Wp Helper Premium | 2024-10-15 | N/A | 5.3 MEDIUM |
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any content and originating from the vulnerable WordPress instance to any recipient. | |||||
CVE-2024-8513 | 1 Quarka | 1 Qa Analytics | 2024-10-15 | N/A | 5.3 MEDIUM |
The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in all versions up to, and including, 4.1.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | |||||
CVE-2024-9234 | | | 2024-10-15 | N/A | N/A |
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins. | |||||
CVE-2024-9187 | | | 2024-10-15 | N/A | 4.3 MEDIUM |
The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons. | |||||
CVE-2024-9824 | | | 2024-10-15 | N/A | 4.3 MEDIUM |
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles. | |||||
CVE-2024-9860 | | | 2024-10-15 | N/A | 6.5 MEDIUM |
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins. | |||||
CVE-2024-35674 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-10-14 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109. | |||||
CVE-2024-47790 | | | 2024-10-14 | N/A | N/A |
** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by crafting an RTSP packet leading to unauthorized access to live feed of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2023-42740 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-11 | N/A | 7.8 HIGH |
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||
CVE-2023-44113 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-11 | N/A | 7.5 HIGH |
Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-25929 | 1 Multivendorx | 1 Product Catalog Mode For Woocommerce | 2024-10-11 | N/A | 9.1 CRITICAL |
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5. | |||||
CVE-2024-25092 | 1 Xlplugins | 1 Nextmove | 2024-10-11 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0. | |||||
CVE-2024-24716 | 1 Getawesomesupport | 1 Awesome Support | 2024-10-11 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.6. | |||||
CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-10-11 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. | |||||
CVE-2023-31080 | 1 Unlimited-elements | 1 Unlimited Elements For Elementor | 2024-10-11 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65. | |||||
CVE-2024-30464 | 1 Wpzoom | 1 Social Icons Widget | 2024-10-10 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM. This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15. | |||||
CVE-2024-30465 | 1 Pagelayer | 1 Pagelayer | 2024-10-10 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Pagelayer Team PageLayer. This issue affects PageLayer: from n/a through 1.8.1. | |||||
CVE-2021-25093 | 1 Ylefebvre | 1 Link Library | 2024-10-10 | 5.0 MEDIUM | 7.5 HIGH |
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request.