CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 5224 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-10543	1 Tumult	1 Tumult Hype Animations	2024-11-08	4.3 Medium
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.
CVE-2024-6626	2 Theinnovs, Thelnnovs	2 Eleforms, Eleforms	2024-11-08	5.3 Medium
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.
CVE-2024-43998	1 Websiteinwp	1 Blogpoet	2024-11-08	6.5 Medium
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
CVE-2024-43982	2 Geek Code Lab, Geekcodelab	2 Login As Users, Login As Users	2024-11-08	8.8 High
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3.
CVE-2024-43981	1 Ayecode	1 Geodirectory	2024-11-08	4.3 Medium
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.
CVE-2024-44006	1 Onthegosystems	1 Woocommerce Multilingual \& Multicurrency	2024-11-08	4.3 Medium
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.
CVE-2024-44019	1 Renzojohnson	2 Contact Form 7 Campaign Monitor Extension, Contact Form 7 Compaign Monitor Extension	2024-11-08	5.3 Medium
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67.
CVE-2024-44020	1 Prasadkirpekar	1 Wp Free Ssl	2024-11-08	4.3 Medium
Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6.
CVE-2024-43980	1 Cozythemes	1 Fotawp	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1.
CVE-2024-43979	1 Cozythemes	1 Blockbooster	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.
CVE-2024-43974	1 Cozythemes	1 Revivenews	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.
CVE-2024-43973	1 Ayecode	1 Getpaid	2024-11-08	4.3 Medium
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11.
CVE-2024-43968	1 Newspack	1 Newspack	2024-11-08	4.3 Medium
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6.
CVE-2024-43962	1 Lws	1 Affiliation	2024-11-08	5.4 Medium
Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.
CVE-2024-43956	1 Caseproof	1 Memberpress	2024-11-08	6.5 Medium
Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34.
CVE-2024-43937	1 Themeum	1 Wp Crowdfunding	2024-11-08	6.4 Medium
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
CVE-2024-7429	1 Katieseaborn	1 Zotpress	2024-11-08	4.3 Medium
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.
CVE-2024-50456	1 Seopress	1 Seopress	2024-11-07	5.4 Medium
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
CVE-2024-50455	1 Seopress	1 Seopress	2024-11-07	4.3 Medium
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
CVE-2024-49367	1 Nginxui	1 Nginx Ui	2024-11-07	7.5 High
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue.

« first previous Page 249 of 262. next last »