Total
4406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24594 | 2025-01-24 | 6.5 Medium | ||
| Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. | ||||
| CVE-2025-24604 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. | ||||
| CVE-2025-24618 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. | ||||
| CVE-2025-24613 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5. | ||||
| CVE-2025-24652 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6. | ||||
| CVE-2025-24625 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Marco Almeida | Webdados Taxonomy/Term and Role based Discounts for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxonomy/Term and Role based Discounts for WooCommerce: from n/a through 5.1. | ||||
| CVE-2025-24649 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2. | ||||
| CVE-2025-24679 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in webraketen Internal Links Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Links Manager: from n/a through 2.5.2. | ||||
| CVE-2025-24682 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in mikemmx Super Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Block Slider: from n/a through 2.7.9. | ||||
| CVE-2025-24693 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7. | ||||
| CVE-2025-24691 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10. | ||||
| CVE-2024-4223 | 1 Themeum | 1 Tutor Lms | 2025-01-24 | 9.8 Critical |
| The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete data. | ||||
| CVE-2025-23991 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5. | ||||
| CVE-2025-22607 | 2025-01-24 | N/A | ||
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UUID of the model. This exposes the "client id", "client secret" and "webhook secret." Version 4.0.0-beta.361 fixes this issue. | ||||
| CVE-2023-39990 | 1 Strangerstudios | 1 Paid Memberships Pro | 2025-01-24 | 5.4 Medium |
| Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3. | ||||
| CVE-2023-20726 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2731 and 60 more | 2025-01-24 | 3.3 Low |
| In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). | ||||
| CVE-2024-9630 | 1 10web | 1 Wps Telegram Chat | 2025-01-24 | 5.4 Medium |
| The WPS Telegram Chat plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when accessing messages in versions up to, and including, 4.5.4. This makes it possible for unauthenticated attackers to view the messages that are sent through the Telegram Bot API. | ||||
| CVE-2024-0377 | 1 Lifterlms | 1 Lifterlms | 2025-01-23 | 5.3 Medium |
| The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site. | ||||
| CVE-2024-11069 | 1 Welaunch | 2 Wordpress Gdpr, Wordpress Gdpr\&ccpa | 2025-01-23 | 6.5 Medium |
| The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users. | ||||
| CVE-2024-10393 | 1 Themeum | 1 Tutor Lms | 2025-01-23 | 5.3 Medium |
| The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | ||||