Total: 3177 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-20032 | | | 2024-11-21 | N/A | 6.7 MEDIUM |
In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020. | |||||
CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-11-21 | N/A | 4.3 MEDIUM |
The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | |||||
CVE-2024-1804 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | N/A | 4.3 MEDIUM |
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. | |||||
CVE-2024-1798 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | N/A | 5.3 MEDIUM |
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. | |||||
CVE-2024-1689 | 1 Themefarmer | 1 Woocommerce Tools | 2024-11-21 | N/A | 5.3 MEDIUM |
The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules. | |||||
CVE-2024-1634 | 1 Startbooking | 1 Scheduling Plugin - Online Booking | 2024-11-21 | N/A | 6.5 MEDIUM |
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data. | |||||
CVE-2024-1438 | | | 2024-11-21 | N/A | 7.7 HIGH |
Missing Authorization vulnerability in PressFore Rolo Slider. This issue affects Rolo Slider: from n/a through 1.0.9. | |||||
CVE-2024-1350 | | | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment. This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | |||||
CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | |||||
CVE-2024-1175 | 1 Plechevandrey | 1 Wp-recall | 2024-11-21 | N/A | 5.3 MEDIUM |
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments. | |||||
CVE-2024-1137 | | | 2024-11-21 | N/A | 4.3 MEDIUM |
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | |||||
CVE-2024-1122 | 1 Themewinter | 1 Eventin | 2024-11-21 | N/A | 5.3 MEDIUM |
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | |||||
CVE-2024-1121 | 1 Hookturn | 1 Advanced Forms For Acf | 2024-11-21 | N/A | 5.3 MEDIUM |
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | |||||
CVE-2024-1110 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | N/A | 5.3 MEDIUM |
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | |||||
CVE-2024-1109 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | N/A | 5.3 MEDIUM |
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | |||||
CVE-2024-1092 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2024-11-21 | N/A | 4.3 MEDIUM |
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | |||||
CVE-2024-1079 | 1 Ays-pro | 1 Quiz Maker | 2024-11-21 | N/A | 5.3 MEDIUM |
The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII. | |||||
CVE-2024-1078 | 1 Ays-pro | 1 Quiz Maker | 2024-11-21 | N/A | 4.3 MEDIUM |
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes. | |||||
CVE-2024-1072 | 1 Seedprod | 1 Website Builder By Seedprod | 2024-11-21 | N/A | 8.2 HIGH |
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23. | |||||
CVE-2024-1047 | 1 Themeisle | 1 Orbit Fox | 2024-11-21 | N/A | 5.3 MEDIUM |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. |