Total
5748 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4972 | 1 Wpchill | 1 Download Monitor | 2024-10-30 | 7.5 High |
| The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. | ||||
| CVE-2024-50573 | 1 Jetbrains | 1 Hub | 2024-10-29 | 4.3 Medium |
| In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | ||||
| CVE-2024-49273 | 1 Metagauss | 1 Profilegrid | 2024-10-29 | 4.3 Medium |
| Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3. | ||||
| CVE-2024-50476 | 1 Grun Software Group | 1 Spendino Spendenformular | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular allows Privilege Escalation.This issue affects GRÜN spendino Spendenformular: from n/a through 1.0.1. | ||||
| CVE-2024-50475 | 1 Scott Gamon | 1 Signup Page | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0. | ||||
| CVE-2024-49321 | 1 Colorlib | 1 Simple Custom Post Order | 2024-10-29 | 4.3 Medium |
| Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7. | ||||
| CVE-2024-50490 | 1 Szabolcs Szecsenyi | 1 Pegapoll | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2. | ||||
| CVE-2024-49293 | 1 Rextheme | 1 Wp Vr | 2024-10-29 | 4.3 Medium |
| Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4. | ||||
| CVE-2024-9629 | 2024-10-29 | 5.4 Medium | ||
| The Contact Form 7 + Telegram plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wpcf7_Telegram::ajax' function in versions up to, and including, 0.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to approve, pause and refuse subscriptions. | ||||
| CVE-2024-10003 | 1 Roveridx | 1 Rover Idx | 2024-10-25 | 6.3 Medium |
| The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options. | ||||
| CVE-2024-9829 | 1 Metagauss | 1 Download Plugin | 2024-10-25 | 6.5 Medium |
| The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download any comment, and download metadata for any user including user PII and sensitive information including username, email, hashed passwords and application passwords, session token information and more depending on set up and additional plugins installed. | ||||
| CVE-2024-9583 | 1 Rebelcode | 1 Rss Aggregator | 2024-10-25 | 4.3 Medium |
| The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions up to, and including, 4.23.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send premium support requests with an attacker-controlled subject line and email address to support allowing them to impersonate the site owner. License information may also be leaked. | ||||
| CVE-2024-48538 | 1 Netdvr | 1 Neye3c | 2024-10-25 | 9.8 Critical |
| Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-8667 | 2024-10-25 | 4.3 Medium | ||
| The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft. | ||||
| CVE-2024-48645 | 1 Arm32x | 1 Command Block Ide | 2024-10-23 | 7.5 High |
| In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server. | ||||
| CVE-2024-49325 | 1 Wpdiscover | 1 Photo Gallery Builder | 2024-10-22 | 4.3 Medium |
| Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. | ||||
| CVE-2024-10078 | 2 Newsignature, Wp Easy Post Types Project | 2 Wp Easy Post Types, Wp Easy Post Types | 2024-10-22 | 7.3 High |
| The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts. | ||||
| CVE-2024-9364 | 1 Smackcoders | 1 Sendgrid | 2024-10-22 | 4.3 Medium |
| The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files. | ||||
| CVE-2024-21234 | 1 Oracle | 1 Weblogic Server | 2024-10-18 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-21246 | 1 Oracle | 1 Service Bus | 2024-10-18 | 7.5 High |
| Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||