Total
5750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43998 | 1 Websiteinwp | 1 Blogpoet | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | ||||
| CVE-2024-43982 | 2 Geek Code Lab, Geekcodelab | 2 Login As Users, Login As Users | 2024-11-08 | 8.8 High |
| Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3. | ||||
| CVE-2024-43981 | 1 Ayecode | 1 Geodirectory | 2024-11-08 | 4.3 Medium |
| Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70. | ||||
| CVE-2024-44006 | 1 Onthegosystems | 1 Woocommerce Multilingual \& Multicurrency | 2024-11-08 | 4.3 Medium |
| Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6. | ||||
| CVE-2024-44019 | 1 Renzojohnson | 2 Contact Form 7 Campaign Monitor Extension, Contact Form 7 Compaign Monitor Extension | 2024-11-08 | 5.3 Medium |
| Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67. | ||||
| CVE-2024-44020 | 1 Prasadkirpekar | 1 Wp Free Ssl | 2024-11-08 | 4.3 Medium |
| Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6. | ||||
| CVE-2024-43980 | 1 Cozythemes | 1 Fotawp | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1. | ||||
| CVE-2024-43979 | 1 Cozythemes | 1 Blockbooster | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10. | ||||
| CVE-2024-43974 | 1 Cozythemes | 1 Revivenews | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2. | ||||
| CVE-2024-43973 | 1 Ayecode | 1 Getpaid | 2024-11-08 | 4.3 Medium |
| Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11. | ||||
| CVE-2024-43968 | 1 Newspack | 1 Newspack | 2024-11-08 | 4.3 Medium |
| Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6. | ||||
| CVE-2024-43962 | 1 Lws | 1 Affiliation | 2024-11-08 | 5.4 Medium |
| Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4. | ||||
| CVE-2024-43956 | 1 Caseproof | 1 Memberpress | 2024-11-08 | 6.5 Medium |
| Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34. | ||||
| CVE-2024-43937 | 1 Themeum | 1 Wp Crowdfunding | 2024-11-08 | 6.4 Medium |
| Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | ||||
| CVE-2024-7429 | 1 Katieseaborn | 1 Zotpress | 2024-11-08 | 4.3 Medium |
| The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings. | ||||
| CVE-2024-50456 | 1 Seopress | 1 Seopress | 2024-11-07 | 5.4 Medium |
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | ||||
| CVE-2024-50455 | 1 Seopress | 1 Seopress | 2024-11-07 | 4.3 Medium |
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | ||||
| CVE-2024-49367 | 1 Nginxui | 1 Nginx Ui | 2024-11-07 | 7.5 High |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue. | ||||
| CVE-2024-44082 | 1 Redhat | 3 Openshift, Openshift Ironic, Openstack | 2024-11-07 | 4.3 Medium |
| In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. | ||||
| CVE-2024-50459 | 1 Hmplugin | 2 Accept Stripe Donation - Aidwp, Aidwp | 2024-11-06 | 5.3 Medium |
| Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3. | ||||