Total
4406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23189 | 2025-02-11 | 4.3 Medium | ||
| Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability | ||||
| CVE-2024-13643 | 2025-02-11 | 8.8 High | ||
| The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and reset_options() functions in all versions up to and including 3.17.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to update and delete arbitrary option values on the WordPress site. Attackers can exploit this issue to update the default user role for registration to Administrator and enable user registration, thereby gaining administrative access to the vulnerable site. Additionally, they could delete critical options, causing errors that may disrupt the site's functionality and deny service to legitimate users. | ||||
| CVE-2024-11911 | 1 Themeum | 1 Wp Crowdfunding | 2025-02-11 | 4.3 Medium |
| The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement. | ||||
| CVE-2023-41870 | 1 Themeum | 1 Wp Crowdfunding | 2025-02-11 | 4.3 Medium |
| Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | ||||
| CVE-2023-37890 | 1 Logon | 1 Kb Support | 2025-02-11 | 4.3 Medium |
| Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Support – WordPress Help Desk and Knowledge Base: from n/a through 1.5.88. | ||||
| CVE-2024-55408 | 2025-02-11 | 5.3 Medium | ||
| An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizing the driver when crafted IOCTL requests are supplied. | ||||
| CVE-2024-3606 | 1 Metagauss | 1 Profilegrid | 2025-02-10 | 4.3 Medium |
| The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments. | ||||
| CVE-2023-1167 | 1 Gitlab | 1 Gitlab | 2025-02-10 | 5.3 Medium |
| Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. | ||||
| CVE-2024-43254 | 1 Zaytech | 1 Smart Online Order For Clover | 2025-02-10 | 4.3 Medium |
| Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Online Order for Clover: from n/a through 1.5.6. | ||||
| CVE-2024-43253 | 1 Zaytech | 1 Smart Online Order For Clover | 2025-02-10 | 5.3 Medium |
| Missing Authorization vulnerability in Zaytech Smart Online Order for Clover allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Online Order for Clover: from n/a through 1.5.6. | ||||
| CVE-2024-37453 | 1 Metagauss | 1 Profilegrid | 2025-02-10 | 4.3 Medium |
| Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7. | ||||
| CVE-2023-1782 | 1 Hashicorp | 1 Nomad | 2025-02-10 | 10 Critical |
| HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. | ||||
| CVE-2024-53803 | 1 Wpmailster | 1 Wp Mailster | 2025-02-10 | 6.5 Medium |
| Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | ||||
| CVE-2024-8548 | 2 Cagdasdag, Logon | 2 Kb Support Wordpress Help Desk And Knowledge Base, Kb Support | 2025-02-10 | 8.1 High |
| The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants. | ||||
| CVE-2024-8632 | 2 Cagdasdag, Logon | 2 Kb Support Wordpress Help Desk And Knowledge Base, Kb Support | 2025-02-10 | 6.5 Medium |
| The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read. | ||||
| CVE-2024-32798 | 1 Wptravelengine | 1 Wp Travel Engine | 2025-02-10 | 7.5 High |
| Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0. | ||||
| CVE-2024-33589 | 1 Logon | 1 Kb Support | 2025-02-10 | 6.5 Medium |
| Missing Authorization vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.6.0. | ||||
| CVE-2022-0218 | 1 Codemiq | 1 Wordpress Email Template Designer | 2025-02-10 | 8.3 High |
| The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. | ||||
| CVE-2024-32684 | 1 Wpmet | 1 Wp Ultimate Review | 2025-02-09 | 5.3 Medium |
| Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. | ||||
| CVE-2023-50898 | 1 Sirv | 1 Sirv | 2025-02-09 | 5.4 Medium |
| Missing Authorization vulnerability in sirv.Com Sirv.This issue affects Sirv: from n/a through 7.1.2. | ||||