Total
5754 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2024-11-19 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2024-11194 | 1 Techlabpro1 | 1 Classified Listing Plugin | 2024-11-19 | 8.8 High |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | ||||
| CVE-2024-10582 | 1 Smartwpress | 1 Music Player For Elementor | 2024-11-19 | 4.3 Medium |
| The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates. | ||||
| CVE-2024-43323 | 2 Reviewx, Wpdeveloper | 2 Reviewx, Reviewx | 2024-11-19 | 5.3 Medium |
| Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | ||||
| CVE-2024-10575 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-19 | 9.8 Critical |
| CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | ||||
| CVE-2024-37095 | 2024-11-19 | 4.3 Medium | ||
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.7.3. | ||||
| CVE-2024-44038 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-19 | 5.3 Medium |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | ||||
| CVE-2024-47302 | 1 Wpmanageninja | 1 Fluent Support | 2024-11-19 | 5.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0. | ||||
| CVE-2024-47311 | 1 Kraftplugins | 1 Wheel Of Life | 2024-11-19 | 5.3 Medium |
| Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8. | ||||
| CVE-2024-47314 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-19 | 7.1 High |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8. | ||||
| CVE-2024-48039 | 1 Cubewp | 1 Cubewp | 2024-11-19 | 4.3 Medium |
| Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15. | ||||
| CVE-2024-48044 | 1 Shortpixel | 1 Image Optimizer | 2024-11-19 | 5.4 Medium |
| Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | ||||
| CVE-2024-48045 | 1 Leevio | 1 Happy Addons For Elementor | 2024-11-19 | 4.3 Medium |
| Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3. | ||||
| CVE-2024-10800 | 1 Vanquish | 2 User Extra Fields, Wordpress User Extra Fields | 2024-11-19 | 8.8 High |
| The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges. | ||||
| CVE-2021-3987 | 2 Calibre-web Project, Janeczku | 2 Calibre-web, Calibre-web | 2024-11-19 | 4.3 Medium |
| An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users. | ||||
| CVE-2024-10861 | 1 Ays-pro | 1 Popup Box | 2024-11-19 | 5.3 Medium |
| The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data. | ||||
| CVE-2024-52416 | 1 Eugenbobrowski | 1 Debug Tool | 2024-11-19 | 10 Critical |
| Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2. | ||||
| CVE-2024-48073 | 1 Sunniwell | 1 Ht3300 Firmware | 2024-11-18 | 9.8 Critical |
| sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges. | ||||
| CVE-2024-10531 | 1 Kognetiks | 2 Chatbot, Kognetiks Chatbot | 2024-11-18 | 5.3 Medium |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to update GTP assistants. | ||||
| CVE-2024-10530 | 1 Kognetiks | 1 Kognetiks Chatbot | 2024-11-18 | 4.3 Medium |
| The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new GTP assistants. | ||||