Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31283 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-06-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2. | |||||
| CVE-2024-31304 | 1 Multivendorx | 1 Multivendorx | 2024-06-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.1.3. | |||||
| CVE-2024-31284 | 1 Wpdeveloper | 1 Embedpress | 2024-06-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8. | |||||
| CVE-2024-32081 | 1 Websupporter Filter Custom Fields \& Taxonomies Light Project | 1 Websupporter Filter Custom Fields \& Taxonomies Light | 2024-06-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05. | |||||
| CVE-2024-34802 | 1 Wpfoxly | 1 Adfoxly | 2024-06-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5. | |||||
| CVE-2024-35662 | 1 83pixel | 1 Simple Cod Fees For Woocommerce | 2024-06-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2. | |||||
| CVE-2024-35661 | 1 Softlabbd | 1 Upload Fields For Wpforms | 2024-06-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2. | |||||
| CVE-2024-35748 | 1 Opmc | 1 Woocommerce Dropshipping | 2024-06-12 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | |||||
| CVE-2024-5382 | 1 Master-addons | 1 Master Addons | 2024-06-11 | N/A | 5.3 MEDIUM |
| The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates. | |||||
| CVE-2024-5489 | 1 Wbcomdesigns | 1 Custom Font Uploader | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font. | |||||
| CVE-2024-5665 | 1 Xootix | 1 Login\/signup Popup | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary options on affected sites. | |||||
| CVE-2024-5453 | 1 Metagauss | 1 Profilegrid | 2024-06-11 | N/A | 4.3 MEDIUM |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options to the value '1' or change group icons. | |||||
| CVE-2024-4088 | 1 Wpattire | 1 Attire Blocks | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability. | |||||
| CVE-2024-30525 | 1 Moveaddons | 1 Move Addons For Elementor | 2024-06-11 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9. | |||||
| CVE-2024-30528 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-06-11 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10. | |||||
| CVE-2024-30484 | 1 Risethemes | 1 Rt Easy Builder | 2024-06-11 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0. | |||||
| CVE-2024-34813 | 2024-06-11 | N/A | N/A | ||
| Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8. | |||||
| CVE-2024-35685 | 2024-06-11 | N/A | N/A | ||
| Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17. | |||||
| CVE-2024-0596 | 1 Getawesomesupport | 1 Awesome Support | 2024-06-10 | N/A | 5.3 MEDIUM |
| The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts. | |||||
| CVE-2024-32804 | 2024-06-10 | N/A | N/A | ||
| Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46. | |||||