Total: 4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-30539 | 1 Getawesomesupport | 1 Awesome Support | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. | |||||
CVE-2023-51524 | 1 Weformspro | 1 Weforms | 2024-07-19 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.18. | |||||
CVE-2024-5703 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-07-19 | N/A | 4.3 MEDIUM |
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users. | |||||
CVE-2024-6660 | 1 Reputeinfosystems | 1 Bookingpress | 2024-07-19 | N/A | 8.8 HIGH |
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
CVE-2024-6033 | 1 Themewinter | 1 Eventin | 2024-07-19 | N/A | 4.3 MEDIUM |
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data. | |||||
CVE-2023-51680 | 1 Technovama | 1 Quotes For Woocommerce | 2024-07-18 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce. This issue affects Quotes for WooCommerce: from n/a through 2.0.1. | |||||
CVE-2023-51537 | 1 Awesomesupport | 1 Awesome Support Wordpress Helpdesk & Support | 2024-07-18 | N/A | 7.3 HIGH |
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.5. | |||||
CVE-2023-51679 | 1 Bulkgate | 1 Sms Plugin For Woocommerce | 2024-07-18 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce. This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. | |||||
CVE-2023-51671 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-07-18 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | |||||
CVE-2023-51670 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-07-18 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3. | |||||
CVE-2023-51376 | 1 Brainstormforce | 1 Surefeedback | 2024-07-18 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site. This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | |||||
CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-07-17 | N/A | 5.4 MEDIUM |
Missing Authorization vulnerability in Icegram. This issue affects Icegram: from n/a through 3.1.21. | |||||
CVE-2024-3961 | 1 Convertkit | 1 Convertkit - Email Marketing, Email Newsletter And Landing Pages | 2024-07-17 | N/A | 5.3 MEDIUM |
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded. | |||||
CVE-2024-3610 | 1 Wensolutions | 1 Wp Child Theme Generator | 2024-07-17 | N/A | 5.3 MEDIUM |
The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it, causing the site to whitescreen. | |||||
CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-07-17 | N/A | 4.3 MEDIUM |
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | |||||
CVE-2023-6966 | 1 Themoneytizer | 1 The Moneytizer | 2024-07-15 | N/A | 8.1 HIGH |
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions. | |||||
CVE-2024-3627 | 1 Kraftplugins | 1 Wheel Of Life | 2024-07-15 | N/A | 5.4 MEDIUM |
The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings. | |||||
CVE-2024-3602 | 1 Promolayer | 1 Popup Builder | 2024-07-15 | N/A | 4.3 MEDIUM |
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection. | |||||
CVE-2023-3204 | 1 Extendthemes | 1 Materialis | 2024-07-15 | N/A | 6.5 MEDIUM |
The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value. | |||||
CVE-2024-0619 | 1 Payflex | 1 Payment Gateway | 2024-07-12 | N/A | 5.3 MEDIUM |
The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss. |