Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35748 | 1 Opmc | 1 Woocommerce Dropshipping | 2024-06-12 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4. | |||||
| CVE-2024-5382 | 1 Master-addons | 1 Master Addons | 2024-06-11 | N/A | 5.3 MEDIUM |
| The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates. | |||||
| CVE-2024-5489 | 1 Wbcomdesigns | 1 Custom Font Uploader | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font. | |||||
| CVE-2024-5665 | 1 Xootix | 1 Login\/signup Popup | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘export_settings’ function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary options on affected sites. | |||||
| CVE-2024-5453 | 1 Metagauss | 1 Profilegrid | 2024-06-11 | N/A | 4.3 MEDIUM |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary options to the value '1' or change group icons. | |||||
| CVE-2024-4088 | 1 Wpattire | 1 Attire Blocks | 2024-06-11 | N/A | 4.3 MEDIUM |
| The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disable_fe_assets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access or above, to change the plugin's settings. Additionally, no nonce check is performed resulting in a CSRF vulnerability. | |||||
| CVE-2024-30525 | 1 Moveaddons | 1 Move Addons For Elementor | 2024-06-11 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9. | |||||
| CVE-2024-30528 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-06-11 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10. | |||||
| CVE-2024-30484 | 1 Risethemes | 1 Rt Easy Builder | 2024-06-11 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0. | |||||
| CVE-2024-35672 | 1 Netgsm | 1 Netgsm | 2024-06-11 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16. | |||||
| CVE-2024-35716 | 2024-06-11 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. | |||||
| CVE-2023-28775 | 2024-06-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4. | |||||
| CVE-2023-33922 | 2024-06-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2. | |||||
| CVE-2024-34691 | 2024-06-11 | N/A | 6.5 MEDIUM | ||
| Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. | |||||
| CVE-2024-34813 | 2024-06-11 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8. | |||||
| CVE-2023-52217 | 2024-06-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | |||||
| CVE-2023-25799 | 2024-06-11 | N/A | 8.3 HIGH | ||
| Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | |||||
| CVE-2024-34690 | 2024-06-11 | N/A | 5.4 MEDIUM | ||
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. | |||||
| CVE-2024-24704 | 2024-06-11 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. | |||||
| CVE-2024-34824 | 2024-06-11 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | |||||