Total
5342 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23656 | 2025-01-27 | 6.5 Medium | ||
| Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0. | ||||
| CVE-2024-10574 | 2025-01-27 | 7.2 High | ||
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-24584 | 2025-01-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0. | ||||
| CVE-2025-22610 | 2025-01-24 | N/A | ||
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the global coolify instance OAuth configuration. This exposes the "client id" and "client secret" for every custom OAuth provider. The attacker can also modify the global OAuth configuration. Version 4.0.0-beta.361 fixes the issue. | ||||
| CVE-2024-13447 | 1 Thimpress | 1 Wp Hotel Booking | 2025-01-24 | 4.3 Medium |
| The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails. | ||||
| CVE-2025-24580 | 2025-01-24 | 6.5 Medium | ||
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. | ||||
| CVE-2025-24591 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. | ||||
| CVE-2025-24571 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258. | ||||
| CVE-2025-24589 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0. | ||||
| CVE-2025-24594 | 2025-01-24 | 6.5 Medium | ||
| Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. | ||||
| CVE-2025-24604 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. | ||||
| CVE-2025-24618 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. | ||||
| CVE-2025-24613 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5. | ||||
| CVE-2025-24652 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. | ||||
| CVE-2025-24625 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1. | ||||
| CVE-2025-24649 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2. | ||||
| CVE-2025-24679 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2. | ||||
| CVE-2025-24693 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7. | ||||
| CVE-2025-24691 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10. | ||||
| CVE-2024-4223 | 1 Themeum | 1 Tutor Lms | 2025-01-24 | 9.8 Critical |
| The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. | ||||