Total: 3282 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-31267 | 1 Wpdesk | 1 Flexible Checkout Fields | 2024-11-01 | 4.3 Medium |
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce. This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2. | ||||
CVE-2024-5770 | 1 Webfactoryltd | 1 Wp Force Ssl | 2024-11-01 | 4.2 Medium |
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings. | ||||
CVE-2024-5654 | 1 Gsheetconnector | 1 Cf7 Google Sheets Connector | 2024-11-01 | 6.5 Medium |
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggle site configuration settings, including WP_DEBUG, WP_DEBUG_LOG, SCRIPT_DEBUG, and SAVEQUERIES. | ||||
CVE-2024-50428 | | | 2024-11-01 | 4.3 Medium |
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multi Step Form: from n/a through 1.7.21. | ||||
CVE-2024-50422 | 1 Cloudways | 1 Breeze | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through 2.1.14. | ||||
CVE-2024-50421 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. | ||||
CVE-2024-50423 | | | 2024-11-01 | 5.4 Medium |
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templately: from n/a through 3.1.5. | ||||
CVE-2024-50454 | 1 Seopress | 1 Seopress | 2024-11-01 | 5.3 Medium |
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEOPress: from n/a through 8.1.1. | ||||
CVE-2024-50424 | | | 2024-11-01 | 6.5 Medium |
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Templately: from n/a through 3.1.5. | ||||
CVE-2024-10399 | | | 2024-11-01 | 4.3 Medium |
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | ||||
CVE-2024-44156 | 1 Apple | 1 Macos | 2024-11-01 | 7.1 High |
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | ||||
CVE-2024-42934 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-10-31 | 5 Medium |
OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | ||||
CVE-2024-4468 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-10-31 | 4.3 Medium |
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users. | ||||
CVE-2024-5087 | 1 Webfactoryltd | 1 Minimal Coming Soon & Maintenance Mode | 2024-10-31 | 6.3 Medium |
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin. | ||||
CVE-2024-4661 | 1 Webfactoryltd | 1 Wp Reset | 2024-10-31 | 4.3 Medium |
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the value of the 'License Key' field for the 'Activate Pro License' setting. | ||||
CVE-2023-40105 | | | 2024-10-31 | 5.5 Medium |
In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-36036 | | | 2024-10-31 | 4.2 Medium |
Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to access sensitive information and modify the agent configuration. | ||||
CVE-2024-23230 | | | 2024-10-31 | 5.5 Medium |
This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data. | ||||
CVE-2024-1137 | | | 2024-10-31 | 4.3 Medium |
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. | ||||
CVE-2023-52541 | 1 Huawei | 2 Emui, Harmonyos | 2024-10-31 | 7.5 High |
Authentication vulnerability in the API for app pre-loading. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |