Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-30526 | 1 Jenkins | 1 Report Portal | 2025-02-07 | N/A | 6.5 MEDIUM |
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | |||||
CVE-2023-30519 | 1 Jenkins | 1 Quay.io Trigger | 2025-02-07 | N/A | 5.3 MEDIUM |
A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | |||||
CVE-2023-30522 | 1 Jenkins | 1 Fogbugz | 2025-02-07 | N/A | 4.3 MEDIUM |
A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. | |||||
CVE-2024-43162 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.2.12. | |||||
CVE-2023-40005 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Digital Downloads: from n/a through 3.1.5. | |||||
CVE-2024-1053 | 1 Liquidweb | 1 Event Tickets | 2025-02-07 | N/A | N/A |
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves. | |||||
CVE-2025-24753 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-02-07 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1. | |||||
CVE-2025-25120 | | | 2025-02-07 | N/A | N/A |
Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3. | |||||
CVE-2025-25081 | | | 2025-02-07 | N/A | N/A |
Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1. | |||||
CVE-2025-25110 | | | 2025-02-07 | N/A | N/A |
Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8. | |||||
CVE-2025-1084 | | | 2025-02-07 | N/A | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2782 | 1 Fluentforms | 1 Contact Form | 2025-02-06 | N/A | N/A |
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to modify all of the plugin's settings. | |||||
CVE-2024-2771 | 1 Fluentforms | 1 Contact Form | 2025-02-06 | N/A | N/A |
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts. | |||||
CVE-2023-1371 | 1 W4 Post List Project | 1 W4 Post List | 2025-02-06 | N/A | 6.5 MEDIUM |
The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated user to access them. | |||||
CVE-2024-11715 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-06 | N/A | 9.8 CRITICAL |
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer. | |||||
CVE-2024-2844 | 1 Easy-appointments | 1 Easy Appointments | 2025-02-05 | N/A | N/A |
The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders. | |||||
CVE-2023-21091 | 1 Google | 1 Android | 2025-02-05 | N/A | 5.5 MEDIUM |
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-257954050 | |||||
CVE-2024-2538 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-05 | N/A | 4.3 MEDIUM |
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts. | |||||
CVE-2024-12129 | 1 Wp-royal-themes | 1 Royal Core | 2025-02-05 | N/A | 8.8 HIGH |
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
CVE-2024-2543 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2025-02-05 | N/A | N/A |
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. |