Total
5347 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-11816 | 1 Wpextended | 1 Ultimate Wordpress Toolkit | 2025-01-17 | 8.8 High |
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet. | ||||
CVE-2024-11270 | 1 Webinarpress | 1 Webinarpress | 2025-01-17 | 8.8 High |
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution. | ||||
CVE-2024-11271 | 1 Webinarpress | 1 Webinarpress | 2025-01-17 | 8.8 High |
The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars. | ||||
CVE-2025-23962 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Goldstar: from n/a through 2.1.1. | ||||
CVE-2024-10853 | 1 Zixn | 1 Buy One Click Woocommerce | 2025-01-17 | 4.3 Medium |
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders. | ||||
CVE-2024-10854 | 1 Zixn | 1 Buy One Click Woocommerce | 2025-01-17 | 4.3 Medium |
The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import plugin settings. | ||||
CVE-2025-23961 | | | 2025-01-17 | 5.4 Medium |
Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | ||||
CVE-2024-31343 | 1 Sonaar | 1 Mp3 Audio Player For Music, Radio & Podcast | 2025-01-17 | 7.5 High |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1. | ||||
CVE-2025-23423 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SendGrid for WordPress: from n/a through 1.4. | ||||
CVE-2025-23776 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. | ||||
CVE-2025-23778 | | | 2025-01-17 | 5.4 Medium |
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | ||||
CVE-2025-23785 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Responsive Gallery Album: from n/a through 1.4. | ||||
CVE-2025-23862 | | | 2025-01-17 | 5.3 Medium |
Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1. | ||||
CVE-2025-23916 | | | 2025-01-17 | 5.4 Medium |
Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meetup: from n/a through 2.3.0. | ||||
CVE-2025-23929 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | ||||
CVE-2025-23917 | | | 2025-01-17 | 5.4 Medium |
Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | ||||
CVE-2025-23930 | | | 2025-01-17 | 4.3 Medium |
Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PayPal Marketing Solutions: from n/a through 1.2. | ||||
CVE-2023-31826 | 1 Skyscreamer | 1 Nevado Jms | 2025-01-17 | 7.8 High |
Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | ||||
CVE-2023-27304 | 1 Cybozu | 1 Garoon | 2025-01-17 | 4.3 Medium |
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | ||||
CVE-2025-23761 | | | 2025-01-17 | 5.4 Medium |
Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. |