Total
3291 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-23504 | 1 Wpmanageninja | 1 Ninja Tables | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables. This issue affects Ninja Tables: from n/a through 5.0.5. | ||||
CVE-2023-51497 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-08-07 | 5.4 Medium |
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | ||||
CVE-2023-51496 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | ||||
CVE-2023-51495 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-08-07 | 6.5 Medium |
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | ||||
CVE-2023-51377 | 1 Wpeverest | 1 Everest Forms | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in WPEverest Everest Forms. This issue affects Everest Forms: from n/a through 2.0.3. | ||||
CVE-2023-51516 | 1 Businessdirectoryplugin | 1 Business Directory | 2024-08-07 | 5.4 Medium |
Missing Authorization vulnerability in Business Directory Team Business Directory Plugin. This issue affects Business Directory Plugin: from n/a through 6.3.9. | ||||
CVE-2023-51507 | 1 Expresstech | 1 Quiz And Survey Master | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master. This issue affects Quiz And Survey Master: from n/a through 8.1.16. | ||||
CVE-2023-37394 | 2 Deepak Anand, Wp Dummy Content Generator Project | 2 Wp Dummy Content Generator, Wp Dummy Content Generator | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 2.3.0. | ||||
CVE-2023-40209 | 2 Himalaya Saxena, Himalayasaxena | 2 Highcompress Image Compressor, Highcompress Image Compressor | 2024-08-07 | 6.5 Medium |
Missing Authorization vulnerability in Himalaya Saxena Highcompress Image Compressor. This issue affects Highcompress Image Compressor: from n/a through 6.0.0. | ||||
CVE-2023-41240 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in Vark Pricing Deals for WooCommerce. This issue affects Pricing Deals for WooCommerce: from n/a through 2.0.3.2. | ||||
CVE-2023-44234 | 1 Devfarm | 1 Wp Gpx Maps | 2024-08-07 | 4.3 Medium |
Missing Authorization vulnerability in Bastianon Massimo WP GPX Map. This issue affects WP GPX Map: from n/a through 1.7.08. | ||||
CVE-2023-47828 | 1 Millermedia | 1 Mandrill | 2024-08-07 | 4.3 Medium |
Missing Authorization vulnerability in Mandrill wpMandrill. This issue affects wpMandrill: from n/a through 1.33. | ||||
CVE-2022-24768 | 1 Argoproj | 1 Argo Cd | 2024-08-07 | 9.9 Critical |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5.0 contain limited versions of this issue. To perform exploits, an authorized Argo CD user must have push access to an Application's source git or Helm repository or `sync` and `override` access to an Application. Once a user has that access, different exploitation levels are possible depending on their other RBAC privileges. A patch for this vulnerability has been released in Argo CD versions 2.3.2, 2.2.8, and 2.1.14. Some mitigation measures are available but do not serve as a substitute for upgrading. To avoid privilege escalation, limit who has push access to Application source repositories or `sync` + `override` access to Applications; and limit which repositories are available in projects where users have `update` access to Applications. To avoid unauthorized resource inspection/tampering, limit who has `delete`, `get`, or `action` access to Applications. | ||||
CVE-2023-22736 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-08-07 | 8.6 High |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be `argocd-*`, the Application controller may reconcile an Application installed in a namespace called `other`, even though it does not start with `argocd-`. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the "apps-in-any-namespace" feature by setting `application.namespaces` in the argocd-cmd-params-cm ConfigMap or otherwise setting the `--application-namespaces` flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory's publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the `replicas` count for the Application controller. Finally, the AppProjects' `sourceNamespaces` field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects' `sourceNamespaces` are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug. | ||||
CVE-2023-25030 | 1 Buymeacoffee | 1 Buy Me A Coffee | 2024-08-07 | 4.3 Medium |
Missing Authorization vulnerability in Buy Me a Coffee. This issue affects Buy Me a Coffee: from n/a through 3.7. | ||||
CVE-2023-38395 | 1 Afzalmultani | 1 Wp Clone Menu | 2024-08-07 | 5.4 Medium |
Missing Authorization vulnerability in Afzal Multani WP Clone Menu. This issue affects WP Clone Menu: from n/a through 1.0.1. | ||||
CVE-2023-28775 | 1 Yoast | 1 Yoast Seo | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in Yoast Yoast SEO Premium. This issue affects Yoast SEO Premium: from n/a through 20.4. | ||||
CVE-2023-33922 | 1 Elementor | 1 Website Builder | 2024-08-07 | 4.3 Medium |
Missing Authorization vulnerability in Elementor Elementor Website Builder. This issue affects Elementor Website Builder: from n/a through 3.13.2. | ||||
CVE-2023-52186 | 1 Woo | 1 Product Vendors | 2024-08-07 | 5.3 Medium |
Missing Authorization vulnerability in Woo WooCommerce Product Vendors. This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. | ||||
CVE-2023-51519 | 1 Soliloquywp | 1 Slider | 2024-08-07 | 4.3 Medium |
Missing Authorization vulnerability in Soliloquy Team Slider by Soliloquy. This issue affects Slider by Soliloquy: from n/a through 2.7.2. | ||||