Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23524 | 1 Ontraport | 1 Pilotpress | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress. This issue affects PilotPress: from n/a through 2.0.30. | |||||
CVE-2024-35720 | 1 Awplife | 1 Album Gallery | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery. This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7. | |||||
CVE-2024-35717 | 1 Awplife | 1 Media Slider | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow. This issue affects Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow: from n/a through 1.3.9. | |||||
CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in RabbitLoader. This issue affects RabbitLoader: from n/a through 2.19.13. | |||||
CVE-2024-32704 | 1 Reputeinfosystems | 1 Arforms | 2024-09-25 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. | |||||
CVE-2024-32703 | 1 Reputeinfosystems | 1 Arforms | 2024-09-25 | N/A | 8.1 HIGH |
Missing Authorization vulnerability in reputeinfosystems ARForms. This issue affects ARForms: from n/a through 6.4. | |||||
CVE-2024-32701 | 1 Instawp | 1 Instawp Connect | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in InstaWP Team InstaWP Connect. This issue affects InstaWP Connect: from n/a through 0.1.0.24. | |||||
CVE-2024-31352 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-09-25 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13. | |||||
CVE-2024-31350 | 1 Strategy11 | 1 Awp Classifieds | 2024-09-25 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1. | |||||
CVE-2023-36684 | 1 Brainstormforce | 1 Convert Pro | 2024-09-20 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Brainstorm Force Convert Pro. This issue affects Convert Pro: from n/a through 1.7.5. | |||||
CVE-2023-36676 | 1 Brainstormforce | 1 Spectra | 2024-09-20 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6. | |||||
CVE-2024-45591 | 1 Xwiki | 1 Xwiki | 2024-09-20 | N/A | 5.3 MEDIUM |
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1. | |||||
CVE-2023-41805 | 1 Brainstormforce | 1 Starter Templates | 2024-09-20 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites. This issue affects Premium Starter Templates: from n/a through 3.2.5; Starter Templates: from n/a through 3.2.5. | |||||
CVE-2023-44148 | 1 Brainstormforce | 1 Astra | 2024-09-20 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit. This issue affects Astra Bulk Edit: from n/a through 1.2.7. | |||||
CVE-2024-6303 | 1 Conduit | 1 Conduit | 2024-09-20 | N/A | 8.8 HIGH |
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, signing json with the server's key, deactivating users, and more | |||||
CVE-2023-44151 | 1 Brainstormforce | 1 Pre-publish Checklist | 2024-09-20 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist. This issue affects Pre-Publish Checklist: from n/a through 1.1.1. | |||||
CVE-2023-39298 | 1 Qnap | 2 Qts, Quts Hero | 2024-09-20 | N/A | 7.8 HIGH |
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later; QuTS hero h5.2.0.2782 build 20240601 and later. | |||||
CVE-2024-4450 | 1 Ali2woo | 1 Aliexpress Dropshipping With Alinext | 2024-09-20 | N/A | 6.3 MEDIUM |
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. | |||||
CVE-2023-40654 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-09-19 | N/A | 6.7 MEDIUM |
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | |||||
CVE-2024-1804 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-09-19 | N/A | 4.3 MEDIUM |
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. |