Total
5352 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3. | ||||
| CVE-2024-23524 | 1 Ontraport | 1 Pilotpress | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30. | ||||
| CVE-2024-23521 | 1 Happyforms | 1 Happyforms | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in Happyforms.This issue affects Happyforms: from n/a through 1.25.10. | ||||
| CVE-2024-23518 | 2024-11-21 | 4.3 Medium | ||
| Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6. | ||||
| CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 5.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | ||||
| CVE-2024-23503 | 1 Wpmanageninja | 1 Ninja Tables | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | ||||
| CVE-2024-22296 | 1 Code4recovery | 1 12 Step Meeting List | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28. | ||||
| CVE-2024-22156 | 1 Snpdigital | 1 Salesking Wordpress | 2024-11-21 | 6.5 Medium |
| Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2024-21751 | 1 Yoginetwork | 1 Rabbitloader | 2024-11-21 | 5.4 Medium |
| Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13. | ||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | ||||
| CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-11-21 | 4.3 Medium |
| The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | ||||
| CVE-2024-1804 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | 4.3 Medium |
| The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses. | ||||
| CVE-2024-1798 | 1 Themeum | 1 Tutor Lms - Migration Tool | 2024-11-21 | 5.3 Medium |
| The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses. | ||||
| CVE-2024-1689 | 1 Themefarmer | 1 Woocommerce Tools | 2024-11-21 | 5.3 Medium |
| The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules. | ||||
| CVE-2024-1634 | 1 Startbooking | 1 Scheduling Plugin - Online Booking | 2024-11-21 | 6.5 Medium |
| The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data. | ||||
| CVE-2024-1350 | 2024-11-21 | 5.3 Medium | ||
| Missing Authorization vulnerability in Prasidhda Malla Honeypot for WP Comment.This issue affects Honeypot for WP Comment: from n/a through 2.2.3. | ||||
| CVE-2024-1177 | 1 Wpclubmanager | 1 Wp Club Manager | 2024-11-21 | 5.3 Medium |
| The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs | ||||
| CVE-2024-1175 | 1 Plechevandrey | 1 Wp-recall | 2024-11-21 | 5.3 Medium |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments. | ||||
| CVE-2024-1137 | 2024-11-21 | 4.3 Medium | ||
| The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | ||||
| CVE-2024-1122 | 1 Themewinter | 1 Eventin | 2024-11-21 | 5.3 Medium |
| The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. | ||||