Total
4572 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6491 | 1 Motopress | 1 Getwid | 2025-02-04 | N/A | N/A |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key. | |||||
CVE-2024-45760 | 1 Dell | 1 Openmanage Server Administrator | 2025-02-04 | N/A | 8.8 HIGH |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. | |||||
CVE-2024-3213 | 1 Relevanssi | 1 Relevanssi | 2025-02-04 | N/A | 8.2 HIGH |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead to DoS. | |||||
CVE-2024-33647 | | | 2025-02-04 | N/A | N/A |
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed projects. | |||||
CVE-2024-3607 | 1 Wp-property-hive | 1 Propertyhive | 2025-02-04 | N/A | N/A |
The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts. | |||||
CVE-2023-1414 | 1 Rextheme | 1 Wp Vr | 2025-02-04 | N/A | 4.3 MEDIUM |
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one of which could allow any authenticated user, such as a subscriber, to update arbitrary tours. | |||||
CVE-2023-49831 | 1 Metagauss | 1 Registrationmagic | 2025-02-04 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through 5.2.3.0. | |||||
CVE-2025-22696 | | | 2025-02-04 | N/A | N/A |
Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0. | |||||
CVE-2024-13529 | | | 2025-02-04 | N/A | 6.5 MEDIUM |
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system. | |||||
CVE-2025-22686 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17. | |||||
CVE-2025-23527 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0. | |||||
CVE-2025-22677 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3. | |||||
CVE-2025-24697 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5. | |||||
CVE-2025-22681 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1. | |||||
CVE-2025-24642 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2. | |||||
CVE-2025-22260 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1. | |||||
CVE-2025-22694 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0. | |||||
CVE-2025-24643 | | | 2025-02-03 | N/A | N/A |
Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0. | |||||
CVE-2023-23715 | 1 Ultimatemember | 1 Jobboardwp | 2025-02-03 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in JobBoardWP JobBoardWP – Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoardWP – Job Board Listings and Submissions: from n/a through 1.2.2. | |||||
CVE-2024-53816 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-02-03 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. |