Total
5148 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13816 | 1 Coderevolution | 1 Aiomatic | 2025-03-24 | 5.4 Medium |
| The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete posts, list and delete batches, list assistant uploaded files, delete personas, delete forms, delete templates, and clear logs. The vulnerability was partially patched in version 2.3.5. | ||||
| CVE-2023-6785 | 1 W3eden | 1 Download Manager | 2025-03-21 | 5.3 Medium |
| The Download Manager plugin for WordPress is vulnerable to unauthorized file download of files added via the plugin in all versions up to, and including, 3.2.84. This makes it possible for unauthenticated attackers to download files added with the plugin (even when privately published). | ||||
| CVE-2023-45631 | 1 Wpdevart | 1 Gallery | 2025-03-21 | 4.3 Medium |
| Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | ||||
| CVE-2023-24407 | 1 Wpdevart | 1 Booking Calendar | 2025-03-21 | 5 Medium |
| Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3. | ||||
| CVE-2024-2043 | 1 Theinnovs | 1 Eleforms | 2025-03-21 | 5.3 Medium |
| The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for unauthenticated attackers to view form submissions. | ||||
| CVE-2021-25087 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25). | ||||
| CVE-2024-56217 | 1 W3eden | 1 Download Manager | 2025-03-21 | 4.3 Medium |
| Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03. | ||||
| CVE-2025-24974 | 1 Dataease | 1 Dataease | 2025-03-21 | 6.5 Medium |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, authenticated users can read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.6. No known workarounds are available. | ||||
| CVE-2023-46628 | 1 Redlettuce | 1 Wp Word Count | 2025-03-21 | 4.3 Medium |
| Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4. | ||||
| CVE-2025-2103 | 1 Irontemplates | 1 Soundrise | 2025-03-21 | 8.8 High |
| The SoundRise Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on theironMusic_ajax() function in all versions up to, and including, 1.6.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-56227 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-03-21 | 4.3 Medium |
| Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | ||||
| CVE-2024-38783 | 1 Tychesoftwares | 2 Acronix Faq, Arconix Faq | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4. | ||||
| CVE-2024-38769 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11. | ||||
| CVE-2023-24524 | 1 Sap | 1 S\/4hana | 2025-03-20 | 6.5 Medium |
| SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. | ||||
| CVE-2023-24528 | 1 Sap | 1 Fiori | 2025-03-20 | 6.5 Medium |
| SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. | ||||
| CVE-2023-44472 | 1 Brizy | 1 Unyson | 2025-03-20 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | ||||
| CVE-2024-23520 | 1 Accessally | 1 Popupally | 2025-03-20 | 4.3 Medium |
| Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. | ||||
| CVE-2023-0019 | 1 Sap | 1 Grc Process Control | 2025-03-20 | 6.5 Medium |
| In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality. | ||||
| CVE-2023-2414 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-03-20 | 5.4 Medium |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2). | ||||
| CVE-2024-22298 | 1 Tms-outsource | 1 Amelia | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | ||||