CWE-862 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (5346 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-44031	1 Beardev	1 Joomsport	2024-11-08	4.3 Medium
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3.
CVE-2024-44052	1 Helloasso	1 Helloasso	2024-11-08	4.3 Medium
Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.
CVE-2024-10535	1 Martinvalchev	1 Video Gallery For Woocommerce	2024-11-08	5.3 Medium
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.
CVE-2024-10543	1 Tumult	1 Tumult Hype Animations	2024-11-08	4.3 Medium
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information.
CVE-2024-6626	2 Theinnovs, Thelnnovs	2 Eleforms, Eleforms	2024-11-08	5.3 Medium
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions.
CVE-2024-43998	1 Websiteinwp	1 Blogpoet	2024-11-08	6.5 Medium
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
CVE-2024-43982	2 Geek Code Lab, Geekcodelab	2 Login As Users, Login As Users	2024-11-08	8.8 High
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3.
CVE-2024-43981	1 Ayecode	1 Geodirectory	2024-11-08	4.3 Medium
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: from n/a through 2.3.70.
CVE-2024-44006	1 Onthegosystems	1 Woocommerce Multilingual \& Multicurrency	2024-11-08	4.3 Medium
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.
CVE-2024-44019	1 Renzojohnson	2 Contact Form 7 Campaign Monitor Extension, Contact Form 7 Compaign Monitor Extension	2024-11-08	5.3 Medium
Missing Authorization vulnerability in Renzo Johnson Contact Form 7 Campaign Monitor Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Contact Form 7 Campaign Monitor Extension: from n/a through 0.4.67.
CVE-2024-44020	1 Prasadkirpekar	1 Wp Free Ssl	2024-11-08	4.3 Medium
Missing Authorization vulnerability in Prasad Kirpekar WP Free SSL – Free SSL Certificate for WordPress and force HTTPS allows . This issue affects WP Free SSL – Free SSL Certificate for WordPress and force HTTPS: from n/a through 1.2.6.
CVE-2024-43980	1 Cozythemes	1 Fotawp	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1.
CVE-2024-43979	1 Cozythemes	1 Blockbooster	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.
CVE-2024-43974	1 Cozythemes	1 Revivenews	2024-11-08	6.5 Medium
Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.
CVE-2024-43973	1 Ayecode	1 Getpaid	2024-11-08	4.3 Medium
Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11.
CVE-2024-43968	1 Newspack	1 Newspack	2024-11-08	4.3 Medium
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6.
CVE-2024-43962	1 Lws	1 Affiliation	2024-11-08	5.4 Medium
Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.
CVE-2024-43956	1 Caseproof	1 Memberpress	2024-11-08	6.5 Medium
Missing Authorization vulnerability in Caseproof, LLC Memberpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Memberpress: from n/a through 1.11.34.
CVE-2024-43937	1 Themeum	1 Wp Crowdfunding	2024-11-08	6.4 Medium
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
CVE-2024-7429	1 Katieseaborn	1 Zotpress	2024-11-08	4.3 Medium
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings.

« first previous Page 255 of 268. next last »