Total: 2641 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1092 | 1 Themeisle | 1 Rss Aggregator By Feedzy | 2024-02-13 | N/A | 4.3 MEDIUM |
| The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them. | |||||
| CVE-2024-1121 | 1 Hookturn | 1 Advanced Forms For Acf | 2024-02-13 | N/A | 5.3 MEDIUM |
| The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings. | |||||
| CVE-2024-0791 | 1 Pluginus | 1 Wolf - Wordpress Posts Bulk Editor And Products Manager Professional | 2024-02-13 | N/A | 4.3 MEDIUM |
| The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms. | |||||
| CVE-2024-0797 | 1 Pluginus | 1 Woot | 2024-02-13 | N/A | 4.3 MEDIUM |
| The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use. | |||||
| CVE-2024-0835 | 1 Royal-elementor-addons | 1 Royal Elementor Kit | 2024-02-13 | N/A | 4.3 MEDIUM |
| The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not arbitrary values. | |||||
| CVE-2024-0324 | 1 Cozmoslabs | 1 Profile Builder | 2024-02-13 | N/A | 7.5 HIGH |
| The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles. | |||||
| CVE-2023-6985 | 1 10web | 1 Ai Assistant | 2024-02-13 | N/A | 8.8 HIGH |
| The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. | |||||
| CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-02-13 | N/A | 5.3 MEDIUM |
| The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | |||||
| CVE-2024-24739 | | | 2024-02-13 | N/A | 6.3 MEDIUM |
| SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2024-24741 | | | 2024-02-13 | N/A | 4.3 MEDIUM |
| SAP Master Data Governance for Material Data, versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information, with no impact on integrity and availability. | |||||
| CVE-2024-25643 | | | 2024-02-13 | N/A | 4.3 MEDIUM |
| The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability. | |||||
| CVE-2023-4637 | 1 Wpvivid | 1 Migration, Backup, Staging | 2024-02-12 | N/A | 5.3 MEDIUM |
| The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID. | |||||
| CVE-2024-1109 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-02-10 | N/A | 5.3 MEDIUM |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | |||||
| CVE-2024-1110 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-02-10 | N/A | 5.3 MEDIUM |
| The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | |||||
| CVE-2024-0372 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM |
| The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | |||||
| CVE-2024-0371 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-10 | N/A | 4.3 MEDIUM |
| The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views. | |||||
| CVE-2024-0370 | 1 Formviewswp | 1 Views For Wpforms | 2024-02-09 | N/A | 4.3 MEDIUM |
| The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts. | |||||
| CVE-2023-6700 | 1 Cookieinformation | 1 Wp-gdpr-compliance | 2024-02-09 | N/A | 8.8 HIGH |
| The Cookie Information \| Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. | |||||
| CVE-2023-47148 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-02-08 | N/A | 7.5 HIGH |
| IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599. | |||||
| CVE-2024-1047 | 1 Themeisle | 1 Orbit Fox | 2024-02-08 | N/A | 5.3 MEDIUM |
| The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys. | |||||
