Total
5353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23778 | 2025-01-17 | 5.4 Medium | ||
| Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | ||||
| CVE-2025-23785 | 2025-01-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | ||||
| CVE-2025-23862 | 2025-01-17 | 5.3 Medium | ||
| Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1. | ||||
| CVE-2025-23916 | 2025-01-17 | 5.4 Medium | ||
| Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. | ||||
| CVE-2025-23929 | 2025-01-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | ||||
| CVE-2025-23917 | 2025-01-17 | 5.4 Medium | ||
| Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | ||||
| CVE-2025-23930 | 2025-01-17 | 4.3 Medium | ||
| Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. | ||||
| CVE-2023-31826 | 1 Skyscreamer | 1 Nevado Jms | 2025-01-17 | 7.8 High |
| Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | ||||
| CVE-2023-27304 | 1 Cybozu | 1 Garoon | 2025-01-17 | 4.3 Medium |
| Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | ||||
| CVE-2025-23761 | 2025-01-17 | 5.4 Medium | ||
| Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | ||||
| CVE-2024-1352 | 1 Radiustheme | 1 Classified Listing | 2025-01-17 | 6.5 Medium |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | ||||
| CVE-2024-12365 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | 8.5 High |
| The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. | ||||
| CVE-2024-12006 | 1 Boldgrid | 1 W3 Total Cache | 2025-01-16 | 5.3 Medium |
| The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions. | ||||
| CVE-2023-33983 | 1 Briarproject | 1 Briar | 2025-01-16 | 7.4 High |
| The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. | ||||
| CVE-2023-5611 | 1 S-sols | 1 Seraphinite Accelerator | 2025-01-16 | 5.3 Medium |
| The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them | ||||
| CVE-2024-3711 | 1 Brizy | 1 Brizy | 2025-01-16 | 4.3 Medium |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized plugin setting update due to a missing capability check on the functions action_request_disable, action_change_template, and action_request_enable in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with contributor access or above, to enable/disable the Brizy editor and modify the template used. | ||||
| CVE-2024-1937 | 1 Brizy | 1 Brizy | 2025-01-16 | 7.1 High |
| The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44. This makes it possible for authenticated attackers, with contributor access and above, to modify the content of arbitrary published posts, which includes the ability to insert malicious JavaScript. | ||||
| CVE-2024-1388 | 1 Wpmoose | 1 Yuki | 2025-01-16 | 4.3 Medium |
| The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings. | ||||
| CVE-2024-6455 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-01-16 | 5.3 Medium |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.0 due to a missing capability checks on ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, pending and private items. | ||||
| CVE-2024-1779 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2025-01-16 | 5.3 Medium |
| The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages. | ||||