Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37202 | | | 2024-07-12 | N/A | N/A |
| Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS). This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16. | |||||
| CVE-2024-37544 | | | 2024-07-12 | N/A | N/A |
| Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce. This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6. | |||||
| CVE-2024-35672 | 1 Netgsm | 1 Netgsm | 2024-07-11 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Netgsm. This issue affects Netgsm: from n/a through 2.9.19. | |||||
| CVE-2024-39596 | | | 2024-07-09 | N/A | N/A |
| Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application. | |||||
| CVE-2024-34804 | | | 2024-07-08 | N/A | N/A |
| Missing Authorization vulnerability in Tagembed. This issue affects Tagembed: from n/a through 5.8. | |||||
| CVE-2024-5545 | 1 Stylemixthemes | 1 Motors - Car Dealer, Classifieds & Listing | 2024-07-05 | N/A | 5.3 MEDIUM |
| The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stm_edit_delete_user_car function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to unpublish arbitrary posts and pages. | |||||
| CVE-2024-1634 | 1 Startbooking | 1 Scheduling Plugin - Online Booking | 2024-07-05 | N/A | 6.5 MEDIUM |
| The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data. | |||||
| CVE-2024-6375 | 1 Mongodb | 1 Mongodb | 2024-07-03 | N/A | 6.5 MEDIUM |
| A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3. | |||||
| CVE-2022-26581 | 1 Paxtechnology | 2 A930, Paydroid | 2024-07-03 | N/A | 6.8 MEDIUM |
| PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. | |||||
| CVE-2024-6088 | 1 Thimpress | 1 Learnpress | 2024-07-02 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role. | |||||
| CVE-2024-6012 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-07-02 | N/A | 4.3 MEDIUM |
| The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts. | |||||
| CVE-2024-6071 | | | 2024-06-28 | N/A | N/A |
| PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the server. | |||||
| CVE-2024-2882 | | | 2024-06-27 | N/A | N/A |
| SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system. | |||||
| CVE-2024-0949 | | | 2024-06-27 | N/A | 9.8 CRITICAL |
| Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software. This issue affects Elektraweb: before v17.0.68. | |||||
| CVE-2024-6120 | 1 Wpneuron | 1 Sparkle Demo Importer | 2024-06-24 | N/A | 6.5 MEDIUM |
| The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all posts, pages, and uploaded files, as well as download and install a limited set of demo plugins. | |||||
| CVE-2023-51375 | 1 Wpdeveloper | 1 Embedpress | 2024-06-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPDeveloper EmbedPress. This issue affects EmbedPress: from n/a through 3.8.3. | |||||
| CVE-2022-45803 | 1 Gutenbergforms | 1 Gutenberg Forms | 2024-06-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms. This issue affects WordPress Form Builder Plugin – Gutenberg Forms: from n/a through 2.2.8.3. | |||||
| CVE-2022-43453 | 1 Billminozzi | 1 Wp Tools | 2024-06-24 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41. | |||||
| CVE-2023-40608 | | | 2024-06-20 | N/A | N/A |
| Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway. This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3. | |||||
| CVE-2023-40004 | | | 2024-06-20 | N/A | N/A |
| Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79. | |||||
