Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41665 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | |||||
| CVE-2023-26540 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. | |||||
| CVE-2023-41957 | 2024-05-17 | N/A | 8.6 HIGH | ||
| Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4. | |||||
| CVE-2023-51481 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. | |||||
| CVE-2023-23990 | 2024-05-17 | N/A | 7.6 HIGH | ||
| Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through 2.7.0. | |||||
| CVE-2024-33552 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. | |||||
| CVE-2024-30542 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2. | |||||
| CVE-2023-50890 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20. | |||||
| CVE-2023-51476 | 2024-05-17 | N/A | 9.8 CRITICAL | ||
| Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0. | |||||
| CVE-2024-34370 | 2024-05-17 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | |||||
| CVE-2023-51546 | 2024-05-17 | N/A | 7.2 HIGH | ||
| Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | |||||
| CVE-2023-51479 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. | |||||
| CVE-2024-32960 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | |||||
| CVE-2024-32959 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2. | |||||
| CVE-2023-33327 | 2024-05-17 | N/A | 8.8 HIGH | ||
| Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. | |||||
| CVE-2023-6099 | 1 Szjocat | 1 Facial Love Cloud Platform | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-38817 | 1 Echo | 1 Anti Cheat Tool | 2024-05-17 | N/A | 7.8 HIGH |
| An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by Microsoft itself." | |||||
| CVE-2022-40297 | 1 Ubports | 1 Ubuntu Touch | 2024-05-17 | N/A | 7.8 HIGH |
| UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. This passcode is only four digits, far below typical length/complexity for a user account's password. NOTE: a third party states "The described attack cannot be executed as demonstrated. | |||||
| CVE-2021-28250 | 1 Ca | 1 Ehealth Performance Manager | 2024-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||