Total: 5252 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-11712 | 1 Wpjobportal | 1 Wp Job Portal | 2025-02-05 | 5.3 Medium |
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users' resumes. | ||||
CVE-2024-1690 | 1 Standalonetech | 1 Terawallet | 2025-02-05 | 4.3 Medium |
The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails. | ||||
CVE-2023-39922 | 1 Theme-fusion | 1 Avada | 2025-02-05 | 4.3 Medium |
Missing Authorization vulnerability in ThemeFusion Avada. This issue affects Avada: from n/a through 7.11.1. | ||||
CVE-2024-32799 | 1 Realestateconnected | 1 Easy Property Listings | 2025-02-05 | 5.3 Medium |
Missing Authorization vulnerability in Merv Barrett Easy Property Listings. This issue affects Easy Property Listings: from n/a through 3.5.3. | ||||
CVE-2024-10402 | 2 Incsub, Wpmudev | 2 Forminator, Forminator Forms | 2025-02-05 | 7.5 High |
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms. | ||||
CVE-2023-45101 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | 4.3 Medium |
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. | ||||
CVE-2023-51692 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | 4.3 Medium |
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce. This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | ||||
CVE-2024-11601 | 1 Wowdevs | 1 Sky Addons For Elementor | 2025-02-05 | 8.1 High |
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note this is limited to option values that can be saved as arrays. | ||||
CVE-2024-11104 | 1 Wowdevs | 1 Sky Addons For Elementor | 2025-02-05 | 8.1 High |
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. Please note this is limited to option values that can be saved as arrays. | ||||
CVE-2024-10614 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | 4.3 Medium |
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel an import or check on the status. | ||||
CVE-2024-3869 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | 4.3 Medium |
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function. This makes it possible for attackers with subscriber-level access to view coupon codes. | ||||
CVE-2024-3243 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-02-05 | 4.3 Medium |
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails. | ||||
CVE-2022-45806 | 1 Strategy11 | 1 Formidable Forms | 2025-02-05 | 4.3 Medium |
Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Formidable Forms: from n/a through 5.5.4. | ||||
CVE-2023-47188 | 1 Presstigers | 1 Simple Job Board | 2025-02-05 | 5.3 Medium |
Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Job Board: from n/a through 2.10.5. | ||||
CVE-2023-40003 | 1 Wedevs | 1 Wp Project Manager | 2025-02-05 | 6.5 Medium |
Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Project Manager: from n/a through 2.6.7. | ||||
CVE-2024-13335 | 1 Templatescoder | 1 Spexo Addons For Elementor | 2025-02-05 | 4.3 Medium |
The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme. | ||||
CVE-2025-24143 | 2 Apple, Redhat | 6 Ipados, Macos, Safari and 3 more | 2025-02-04 | 6.5 Medium |
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. | ||||
CVE-2025-24116 | 1 Apple | 1 Macos | 2025-02-04 | 4.4 Medium |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences. | ||||
CVE-2024-24832 | 1 Metagauss | 1 Eventprime | 2025-02-04 | 8.2 High |
Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. | ||||
CVE-2024-13368 | 1 Kainelabs | 1 Youzify | 2025-02-04 | 4.3 Medium |
The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the youzify_offer_banner() function in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary site options to a value of one. |