Total
3276 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37468 | 1 Blazethemes | 1 Newsmatic | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1. | ||||
CVE-2022-20736 | 1 Cisco | 1 Appdynamics Controller | 2024-11-01 | 5.3 Medium |
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. | ||||
CVE-2024-9361 | 1 Giuliopanda | 1 Bulk Images Optimizer | 2024-11-01 | 4.3 Medium |
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. | ||||
CVE-2024-33941 | 1 Ipanorama 360 Wordpress Virtual Tour Builder Project | 1 Ipanorama 360 Wordpress Virtual Tour Builder | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1. | ||||
CVE-2024-33547 | 1 Aa-team | 1 Wzone | 2024-11-01 | 8.3 High |
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. | ||||
CVE-2023-52177 | 1 Softlabdb | 1 Integrate Google Drive | 2024-11-01 | 5.4 Medium |
Missing Authorization vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.3. | ||||
CVE-2024-33555 | 1 8theme | 1 Xstore Core | 2024-11-01 | 8.1 High |
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8. | ||||
CVE-2024-33561 | 1 8theme | 1 Xstore | 2024-11-01 | 7.5 High |
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | ||||
CVE-2024-33563 | 1 8theme | 1 Xstore | 2024-11-01 | 7.6 High |
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | ||||
CVE-2024-33564 | 1 8theme | 1 Xstore | 2024-11-01 | 8.8 High |
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8. | ||||
CVE-2024-33545 | 1 Aa-team | 1 Wzone | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10. | ||||
CVE-2024-33543 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-11-01 | 7.5 High |
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.06. | ||||
CVE-2024-31274 | 1 Wpdeveloper | 1 Embedpress | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11. | ||||
CVE-2024-31273 | 1 Wiselyhub | 1 Js Help Desk | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.8.3. | ||||
CVE-2024-31267 | 1 Wpdesk | 1 Flexible Checkout Fields | 2024-11-01 | 4.3 Medium |
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2. | ||||
CVE-2024-5770 | 1 Webfactoryltd | 1 Wp Force Ssl | 2024-11-01 | 4.2 Medium |
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permissions and above, to update the plugin settings. | ||||
CVE-2024-5654 | 1 Gsheetconnector | 1 Cf7 Google Sheets Connector | 2024-11-01 | 6.5 Medium |
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES. | ||||
CVE-2024-50423 | 2024-11-01 | 5.4 Medium | ||
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | ||||
CVE-2024-50428 | 2024-11-01 | 4.3 Medium | ||
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. | ||||
CVE-2024-50422 | 1 Cloudways | 1 Breeze | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14. |