Total
2747 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51680 | 1 Technovama | 1 Quotes For Woocommerce | 2024-07-18 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in TechnoVama Quotes for WooCommerce.This issue affects Quotes for WooCommerce: from n/a through 2.0.1. | |||||
| CVE-2023-52177 | 1 Softlab | 1 Integrate Google Drive | 2024-07-18 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | |||||
| CVE-2023-51537 | 1 Awesomesupport | 1 Awesome Support Wordpress Helpdesk \& Support | 2024-07-18 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.5. | |||||
| CVE-2023-51679 | 1 Bulkgate | 1 Sms Plugin For Woocommerce | 2024-07-18 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. | |||||
| CVE-2023-51671 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-07-18 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | |||||
| CVE-2023-51670 | 1 Funnelkit | 1 Funnelkit Checkout | 2024-07-18 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in FunnelKit FunnelKit Checkout.This issue affects FunnelKit Checkout: from n/a through 3.10.3. | |||||
| CVE-2023-51376 | 1 Brainstormforce | 1 Surefeedback | 2024-07-18 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34. | |||||
| CVE-2024-21748 | 1 Icegram | 1 Icegram Express | 2024-07-17 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. | |||||
| CVE-2024-3961 | 1 Convertkit | 1 Convertkit - Email Marketing\, Email Newsletter And Landing Pages | 2024-07-17 | N/A | 5.3 MEDIUM |
| The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded. | |||||
| CVE-2024-3610 | 1 Wensolutions | 1 Wp Child Theme Generator | 2024-07-17 | N/A | 5.3 MEDIUM |
| The WP Child Theme Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wctg_easy_child_theme() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to create a blank child theme and activate it cause the site to whitescreen. | |||||
| CVE-2024-1955 | 1 Wprepublic | 1 Hide Dashboard Notifications | 2024-07-17 | N/A | 4.3 MEDIUM |
| The Hide Dashboard Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'warning_notices_settings' function in all versions up to, and including, 1.3. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's settings. | |||||
| CVE-2023-6966 | 1 Themoneytizer | 1 The Moneytizer | 2024-07-15 | N/A | 8.1 HIGH |
| The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.5.20. This makes it possible for authenticated attackers, with subscriber access and above, to update and retrieve billing and bank details, update and reset the plugin's settings, and update languages as well as other lower-severity actions. | |||||
| CVE-2024-3627 | 1 Kraftplugins | 1 Wheel Of Life | 2024-07-15 | N/A | 5.4 MEDIUM |
| The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings. | |||||
| CVE-2024-3602 | 1 Promolayer | 1 Popup Builder | 2024-07-15 | N/A | 4.3 MEDIUM |
| The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection. | |||||
| CVE-2023-3204 | 1 Extendthemes | 1 Materialis | 2024-07-15 | N/A | 6.5 MEDIUM |
| The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value. | |||||
| CVE-2024-0619 | 1 Payflex | 1 Payment Gateway | 2024-07-12 | N/A | 5.3 MEDIUM |
| The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss. | |||||
| CVE-2024-37202 | 2024-07-12 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter allows Cross-Site Scripting (XSS).This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through 1.222.16. | |||||
| CVE-2024-37544 | 2024-07-12 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Tobias Conrad Get Better Reviews for WooCommerce.This issue affects Get Better Reviews for WooCommerce: from n/a through 4.0.6. | |||||
| CVE-2024-39546 | 2024-07-12 | N/A | 7.3 HIGH | ||
| A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system. This issue affects Junos OS Evolved: * All versions prior to 21.2R3-S8-EVO, * 21.4 versions prior to 21.4R3-S6-EVO, * 22.1 versions prior to 22.1R3-S5-EVO, * 22.2 versions prior to 22.2R3-S3-EVO, * 22.3 versions prior to 22.3R3-S3-EVO, * 22.4 versions prior to 22.4R3-EVO, * 23.2 versions prior to 23.2R2-EVO. | |||||
| CVE-2024-5820 | 2024-07-12 | N/A | 7.6 HIGH | ||
| An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all communication between the user and the backend. This vulnerability can lead to unauthorized command execution and potential server-side request forgery. | |||||