Total
5148 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0019 | 1 Sap | 1 Grc Process Control | 2025-03-20 | 6.5 Medium |
| In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality. | ||||
| CVE-2023-2414 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2025-03-20 | 5.4 Medium |
| The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugins settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2). | ||||
| CVE-2024-22298 | 1 Tms-outsource | 1 Amelia | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | ||||
| CVE-2025-1766 | 2025-03-20 | 5.3 Medium | ||
| The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss. | ||||
| CVE-2025-1508 | 1 Themeum | 1 Wp Crowdfunding | 2025-03-20 | 5.3 Medium |
| The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed. | ||||
| CVE-2024-34799 | 1 Reputeinfosystems | 1 Bookingpress | 2025-03-20 | 6.5 Medium |
| Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | ||||
| CVE-2024-1763 | 1 Wpmet | 1 Wp Social Login And Register Social Counter | 2025-03-20 | 6.5 Medium |
| The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features. | ||||
| CVE-2023-35051 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-03-19 | 5.4 Medium |
| Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. | ||||
| CVE-2024-43331 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 5.3 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. | ||||
| CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 4.3 Medium |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | ||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 7.5 High |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | ||||
| CVE-2024-40852 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2025-03-19 | 7.5 High |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access. | ||||
| CVE-2023-38475 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2025-03-19 | 4.3 Medium |
| Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | ||||
| CVE-2023-29429 | 1 Wpeverest | 1 User Registration | 2025-03-19 | 5.3 Medium |
| Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1. | ||||
| CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 6.5 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||||
| CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 4.3 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-23854 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-19 | 3.8 Low |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2024-12922 | 2 Themegoods, Wordpress | 2 Altair, Wordpress | 2025-03-19 | 9.8 Critical |
| The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-13412 | 1 Wordpress | 1 Wordpress | 2025-03-19 | 7.5 High |
| The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions. | ||||
| CVE-2023-38385 | 1 Artbees | 1 Jupiter X Core | 2025-03-19 | 8.3 High |
| Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0. | ||||