Total
3160 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43928 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4. | |||||
| CVE-2024-47302 | 1 Wpmanageninja | 1 Fluent Support | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in WPManageNinja LLC Fluent Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through 1.8.0. | |||||
| CVE-2024-47308 | 1 Templately | 1 Templately | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2. | |||||
| CVE-2024-47311 | 1 Kraftplugins | 1 Wheel Of Life | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Kraft Plugins Wheel of Life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through 1.1.8. | |||||
| CVE-2024-47314 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8. | |||||
| CVE-2024-47317 | 1 Wpquads | 1 Ads | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84. | |||||
| CVE-2024-47318 | 1 Magazine3 | 1 Pwa For Wp \& Amp | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72. | |||||
| CVE-2024-47321 | 1 Androidbubbles | 1 Wp Datepicker | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1. | |||||
| CVE-2024-47358 | 1 Code-atlantic | 1 Popup Maker | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2. | |||||
| CVE-2024-47359 | 1 Depicter | 1 Depicter | 2024-11-12 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2. | |||||
| CVE-2024-47361 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-12 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6. | |||||
| CVE-2024-22257 | 2024-11-12 | N/A | 8.2 HIGH | ||
| In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. | |||||
| CVE-2024-10586 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
| The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. | |||||
| CVE-2024-10294 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
| The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings. | |||||
| CVE-2024-10588 | 2024-11-12 | N/A | 4.3 MEDIUM | ||
| The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well. | |||||
| CVE-2024-10589 | 2024-11-12 | N/A | 9.8 CRITICAL | ||
| The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-10674 | 2024-11-12 | N/A | 8.8 HIGH | ||
| The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. | |||||
| CVE-2024-10673 | 2024-11-12 | N/A | 8.8 HIGH | ||
| The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. | |||||
| CVE-2024-47587 | 2024-11-12 | N/A | 3.5 LOW | ||
| Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application. | |||||
| CVE-2024-42372 | 2024-11-12 | N/A | 6.5 MEDIUM | ||
| Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. | |||||