Total: 2747 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24704 | 1 Addonmaster | 1 Load More Anything | 2024-07-23 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in AddonMaster Load More Anything. This issue affects Load More Anything: from n/a through 3.3.3. | |||||
CVE-2024-34824 | 1 Themeboy | 1 Sportspress | 2024-07-23 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager. This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20. | |||||
CVE-2024-35716 | 1 Copymatic | 1 Copymatic | 2024-07-23 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator. This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9. | |||||
CVE-2024-35692 | 1 Termly | 1 Gdpr Cookie Consent Banner | 2024-07-23 | N/A | 7.3 HIGH |
Missing Authorization vulnerability in Termly Cookie Consent. This issue affects Cookie Consent: from n/a through 3.2. | |||||
CVE-2024-4898 | 1 Instawp | 1 Instawp Connect | 2024-07-23 | N/A | 9.8 CRITICAL |
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to the InstaWP API, edit arbitrary site options and create administrator accounts. | |||||
CVE-2024-30534 | 1 Typps | 1 Calendarista | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.5. | |||||
CVE-2023-52232 | 1 Booster | 1 Booster For Woocommerce | 2024-07-22 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. | |||||
CVE-2023-52230 | 1 Booster | 1 Booster For Woocommerce | 2024-07-22 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce. This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. | |||||
CVE-2024-30537 | 1 Wpclever | 1 Wpc Badge Management For Woocommerce | 2024-07-22 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce. This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0. | |||||
CVE-2024-30538 | 1 Delucks | 1 Delucks Seo | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO. This issue affects DELUCKS SEO: from n/a through 2.5.4. | |||||
CVE-2024-30539 | 1 Getawesomesupport | 1 Awesome Support | 2024-07-22 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in Awesome Support Team Awesome Support. This issue affects Awesome Support: from n/a through 6.1.7. | |||||
CVE-2024-6489 | | | 2024-07-22 | N/A | 5.3 MEDIUM |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_google_api_key function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key. | |||||
CVE-2024-6491 | | | 2024-07-22 | N/A | 4.3 MEDIUM |
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mailchimp_api_key_manage function in all versions up to, and including, 2.0.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to set the MailChimp API key. | |||||
CVE-2024-6636 | | | 2024-07-22 | N/A | 9.8 CRITICAL |
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account. | |||||
CVE-2023-51524 | 1 Weformspro | 1 Weforms | 2024-07-19 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.18. | |||||
CVE-2024-5703 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-07-19 | N/A | 4.3 MEDIUM |
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users. | |||||
CVE-2024-6660 | 1 Reputeinfosystems | 1 Bookingpress | 2024-07-19 | N/A | 8.8 HIGH |
The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
CVE-2024-6033 | 1 Themewinter | 1 Eventin | 2024-07-19 | N/A | 4.3 MEDIUM |
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data. | |||||
CVE-2024-5997 | | | 2024-07-19 | N/A | 4.3 MEDIUM |
The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_user and duplicate_post functions in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create duplicates of users and posts/pages. | |||||
CVE-2024-6799 | | | 2024-07-19 | N/A | 4.3 MEDIUM |
The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install, activate, and deactivate plugins from a pre-defined list of available YITH plugins. |