Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39312 | 1 Theme-fusion | 1 Avada | 2024-07-31 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1. | |||||
CVE-2024-5861 | 1 Wpeasypay | 1 Wp Easypay | 2024-07-29 | N/A | 6.5 MEDIUM |
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square. | |||||
CVE-2024-6836 | 1 Funnelkit | 1 Funnel Builder | 2024-07-29 | N/A | 4.3 MEDIUM |
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to update multiple settings, including templates, designs, checkouts, and other plugin settings. | |||||
CVE-2023-52117 | 1 Metagauss | 1 Profilegrid | 2024-07-29 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.6.6. | |||||
CVE-2024-0972 | 1 Membersonly | 1 Buddypress Members Only | 2024-07-25 | N/A | 5.3 MEDIUM |
The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to Guest" feature (when unset) and view restricted page and post content. | |||||
CVE-2024-2017 | 1 Edmonsoft | 1 Countdown Builder | 2024-07-25 | N/A | 5.4 MEDIUM |
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns. | |||||
CVE-2024-1175 | 1 Plechevandrey | 1 Wp-recall | 2024-07-24 | N/A | 5.3 MEDIUM |
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments. | |||||
CVE-2022-48318 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 5.3 MEDIUM |
No authorisation controls in the RestAPI documentation for Tribe29's Checkmk <= 2.1.0p13 and Checkmk <= 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation. | |||||
CVE-2023-25799 | 1 Themeum | 1 Tutor Lms | 2024-07-23 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.1.8. | |||||
CVE-2023-52217 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2024-07-23 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | |||||
CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-07-23 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. | |||||
CVE-2024-34824 | 1 Themeboy | 1 Sportspress | 2024-07-23 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager. This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | |||||
CVE-2024-35692 | 1 Termly | 1 Gdpr Cookie Consent Banner | 2024-07-23 | N/A | 7.3 HIGH |
Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. | |||||
CVE-2024-35716 | 1 Copymatic | 1 Copymatic | 2024-07-23 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. | |||||
CVE-2024-4898 | 1 Instawp | 1 Instawp Connect | 2024-07-23 | N/A | 9.8 CRITICAL |
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. | |||||
CVE-2024-30534 | 1 Typps | 1 Calendarista | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.5. | |||||
CVE-2023-52232 | 1 Booster | 1 Booster For Woocommerce | 2024-07-22 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | |||||
CVE-2023-52230 | 1 Booster | 1 Booster For Woocommerce | 2024-07-22 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | |||||
CVE-2024-30537 | 1 Wpclever | 1 Wpc Badge Management For Woocommerce | 2024-07-22 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce. This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0. | |||||
CVE-2024-30538 | 1 Delucks | 1 Delucks Seo | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO. This issue affects DELUCKS SEO: from n/a through 2.5.4. |