Total: 5310 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13530 | | | 2025-01-31 | 4.3 Medium |
The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session() functions in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete login logs and end user sessions. | ||||
CVE-2025-22265 | | | 2025-01-31 | 6.5 Medium |
Missing Authorization vulnerability in mgplugin EMI Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through 1.1. | ||||
CVE-2025-22720 | | | 2025-01-31 | 5.8 Medium |
Missing Authorization vulnerability in MagePeople Team Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.1. | ||||
CVE-2022-0236 | 1 Vjinfotech | 2 Wp Import Export, Wp Import Export Lite | 2025-01-31 | 7.5 High |
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15. | ||||
CVE-2022-3400 | 1 Bricksbuilder | 1 Bricks | 2025-01-31 | 6.5 Medium |
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. | ||||
CVE-2024-24718 | 1 Wp-property-hive | 1 Propertyhive | 2025-01-31 | 4.3 Medium |
Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6. | ||||
CVE-2024-13652 | 1 Ecpay | 1 Ecpay Ecommerce For Woocommerce | 2025-01-31 | 4.3 Medium |
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files. | ||||
CVE-2023-45765 | 1 Wedevs | 1 Wp Erp | 2025-01-31 | 4.3 Medium |
Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP ERP: from n/a through 1.12.6. | ||||
CVE-2024-0593 | 1 Presstigers | 1 Simple Job Board | 2025-01-31 | 5.3 Medium |
The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information. | ||||
CVE-2024-13312 | | | 2025-01-31 | 5.3 Medium |
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | ||||
CVE-2023-22728 | 1 Silverstripe | 1 Framework | 2025-01-31 | 4.3 Medium |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | ||||
CVE-2024-54155 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.7 Low |
In JetBrains YouTrack before 2024.3.51866, improper access control allowed listing of project names during app import without authentication. | ||||
CVE-2024-54153 | 1 Jetbrains | 1 Youtrack | 2025-01-31 | 3.1 Low |
In JetBrains YouTrack before 2024.3.51866, unauthenticated database backup download was possible via vulnerable query parameter. | ||||
CVE-2022-45351 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2022-45352 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2022-45356 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 5.4 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2023-39998 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 8.2 High |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 27.1.1. | ||||
CVE-2022-45349 | 1 Muffingroup | 1 Betheme | 2025-01-31 | 4.3 Medium |
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1. | ||||
CVE-2024-1380 | 1 Relevanssi | 1 Relevanssi | 2025-01-31 | 5.3 Medium |
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is. | ||||
CVE-2024-1991 | 1 Metagauss | 1 Registrationmagic | 2025-01-31 | 8.8 High |
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. |