Total
6403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9686 | 1 Choplugins | 1 Order Notification For Telegram | 2024-11-06 | 5.3 Medium |
| The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to send a test message via the Telegram Bot API to the user configured in the settings. | ||||
| CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
| CVE-2024-47362 | 1 Wpchill | 1 Strong Testimonials | 2024-11-05 | 4.3 Medium |
| Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16. | ||||
| CVE-2024-43290 | 1 Atarim | 1 Atarim | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.1. | ||||
| CVE-2024-43277 | 1 Ayecode | 1 Userswp | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in AyeCode Ltd UsersWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through 1.2.15. | ||||
| CVE-2024-43274 | 1 Jshelpdesk | 1 Jshelpdesk | 2024-11-05 | 5.8 Medium |
| Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.6. | ||||
| CVE-2024-43270 | 1 Wpbackitup | 1 Wp Backitup | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. | ||||
| CVE-2024-43120 | 1 Gmo | 1 Typesquare Webfonts For Conoha | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. | ||||
| CVE-2024-9584 | 1 Webcraftplugins | 1 Image Map Pro | 2024-11-05 | 5.4 Medium |
| The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects. | ||||
| CVE-2024-43212 | 1 Magepeople | 1 Wptravelly | 2024-11-05 | 7.5 High |
| Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7. | ||||
| CVE-2024-43209 | 1 Bitly | 1 Bitly | 2024-11-05 | 6.5 Medium |
| Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2. | ||||
| CVE-2024-38771 | 1 Atarim | 1 Atarim | 2024-11-05 | 6.5 Medium |
| Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0. | ||||
| CVE-2024-38745 | 1 Rymera | 1 Wholesale Suite | 2024-11-05 | 5.3 Medium |
| Missing Authorization vulnerability in Rymera Web Co Wholesale Suite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wholesale Suite: from n/a through 2.1.12. | ||||
| CVE-2024-38744 | 1 Upqode | 1 Plum | 2024-11-05 | 8.3 High |
| Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS.This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0. | ||||
| CVE-2024-10598 | 2 Tongda, Tongda2000 | 2 Oa 2017, Office Anywhere | 2024-11-04 | 5.3 Medium |
| A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37516 | 2024-11-04 | 6.3 Medium | ||
| Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2. | ||||
| CVE-2024-37517 | 2024-11-04 | 4.3 Medium | ||
| Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.13.7. | ||||
| CVE-2024-43143 | 2024-11-04 | 6.4 Medium | ||
| Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1. | ||||
| CVE-2024-37411 | 1 Emilia | 1 Progress Planner | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Team Emilia Projects Progress Planner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Progress Planner: from n/a through 0.9.1. | ||||
| CVE-2024-37477 | 2024-11-01 | 6.5 Medium | ||
| Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5. | ||||