Total
2747 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34379 | 1 Magneticone | 1 Magento To Woocommerce Migration | 2024-01-24 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration. This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0. | |||||
CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-01-24 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce. This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||||
CVE-2023-23882 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2024-01-24 | N/A | 4.3 MEDIUM |
Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite. This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.5. | |||||
CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2024-01-24 | N/A | 8.8 HIGH |
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login. This issue affects WIP Custom Login: from n/a through 1.2.7. | |||||
CVE-2022-41786 | 1 Wpjobportal | 1 Wp Job Portal | 2024-01-24 | N/A | 9.8 CRITICAL |
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1. | |||||
CVE-2022-23180 | 1 Themehunk | 1 Contact Form & Lead Form Elementor Builder | 2024-01-24 | N/A | 4.3 MEDIUM |
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. | |||||
CVE-2022-41695 | 1 Sedlex | 1 Traffic Manager | 2024-01-23 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in SedLex Traffic Manager. This issue affects Traffic Manager: from n/a through 1.4.5. | |||||
CVE-2022-41619 | 1 Sedlex | 1 Image Zoom | 2024-01-23 | N/A | 6.5 MEDIUM |
Missing Authorization vulnerability in SedLex Image Zoom. This issue affects Image Zoom: from n/a through 1.8.8. | |||||
CVE-2023-48926 | 1 Prestashop | 1 Advanced Loyalty Program | 2024-01-23 | N/A | 5.3 MEDIUM |
An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | |||||
CVE-2021-39231 | 1 Apache | 1 Ozone | 2024-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration. | |||||
CVE-2023-6066 | 1 Kishorkhambu | 1 Wp Custom Widget Area | 2024-01-19 | N/A | 4.3 MEDIUM |
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. | |||||
CVE-2023-6048 | 1 Estatik | 1 Estatik | 2024-01-19 | N/A | 6.5 MEDIUM |
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset. | |||||
CVE-2023-6029 | 1 Spider-themes | 1 Eazydocs | 2024-01-19 | N/A | 7.5 HIGH |
The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections. | |||||
CVE-2023-5905 | 1 Demomentsomtres | 1 Export Posts With Images | 2024-01-19 | N/A | 8.1 HIGH |
The DeMomentSomTres WordPress Export Posts With Images WordPress plugin through 20220825 does not check authorization of requests to export the blog data, allowing any logged-in user, such as subscribers, to export the contents of the blog, including restricted and unpublished posts, as well as passwords of protected posts. | |||||
CVE-2024-0236 | 1 Myeventon | 1 Eventon | 2024-01-19 | N/A | 5.3 MEDIUM |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom). | |||||
CVE-2024-0235 | 1 Myeventon | 1 Eventon | 2024-01-19 | N/A | 5.3 MEDIUM |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog. | |||||
CVE-2023-40362 | 1 Centralsquare | 1 Click2gov Building Permit | 2024-01-19 | N/A | 4.3 MEDIUM |
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | |||||
CVE-2023-6751 | 1 Hostinger | 1 Hostinger | 2024-01-18 | N/A | 6.5 MEDIUM |
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode. | |||||
CVE-2023-6554 | 1 Tecnick | 1 Tcexam | 2024-01-18 | N/A | 6.5 MEDIUM |
When access to the "admin" folder is not protected by some external authorization mechanism, e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. | |||||
CVE-2023-6638 | 1 Gutengeek | 1 Gg Woo Feed | 2024-01-18 | N/A | 5.3 MEDIUM |
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings. |