Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1121 | 1 Hookturn | 1 Advanced Forms For Acf | 2024-02-13 | N/A | 5.3 MEDIUM |
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | |||||
CVE-2024-0791 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-02-13 | N/A | 4.3 MEDIUM |
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | |||||
CVE-2024-0835 | 1 Royal-elementor-addons | 1 Royal Elementor Kit | 2024-02-13 | N/A | 4.3 MEDIUM |
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values. | |||||
CVE-2023-6985 | 1 10web | 1 Ai Assistant | 2024-02-13 | N/A | 8.8 HIGH |
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | |||||
CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-02-13 | N/A | 5.3 MEDIUM |
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs. | |||||
CVE-2023-4637 | 1 Wpvivid | 1 Migration, Backup, Staging | 2024-02-12 | N/A | 5.3 MEDIUM |
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | |||||
CVE-2024-1109 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-02-10 | N/A | 5.3 MEDIUM |
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | |||||
CVE-2024-0372 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM |
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | |||||
CVE-2024-0371 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM |
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | |||||
CVE-2024-0370 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-09 | N/A | 4.3 MEDIUM |
The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. | |||||
CVE-2023-6700 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2024-02-09 | N/A | 8.8 HIGH |
The Cookie Information \| Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | |||||
CVE-2023-47148 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-08 | N/A | 7.5 HIGH |
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | |||||
CVE-2024-1047 | 1 Themeisle | 1 Orbit Fox | 2024-02-08 | N/A | 5.3 MEDIUM |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | |||||
CVE-2022-2732 | 1 Open-emr | 1 Openemr | 2024-02-08 | N/A | 8.3 HIGH |
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | |||||
CVE-2023-6020 | 1 Ray Project | 1 Ray | 2024-02-08 | N/A | 7.5 HIGH |
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. | |||||
CVE-2023-1705 | 1 Forcepoint | 1 One Smartedge Agent | 2024-02-08 | N/A | 7.8 HIGH |
Missing Authorization vulnerability in Forcepoint F\|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass. This issue affects F\|One SmartEdge Agent: before 1.7.0.230330-554. | |||||
CVE-2024-0836 | 1 Radiustheme | 1 Review Schema | 2024-02-05 | N/A | 4.3 MEDIUM |
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. | |||||
CVE-2024-0617 | 1 Quanticedgesolutions | 1 Category Discount Woocommerce | 2024-02-02 | N/A | 5.3 MEDIUM |
The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue. | |||||
CVE-2023-40089 | 1 Google | 1 Android | 2024-02-02 | N/A | 7.8 HIGH |
In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40094 | 1 Google | 1 Android | 2024-02-02 | N/A | 7.8 HIGH |
In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |