Total
6215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48375 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | ||||
| CVE-2024-1870 | 1 Extendthemes | 1 Colibri Page Builder | 2025-01-28 | 4.3 Medium |
| The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key. | ||||
| CVE-2024-28004 | 1 Extendthemes | 1 Colibri Page Builder | 2025-01-28 | 5.4 Medium |
| Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a through 1.0.248. | ||||
| CVE-2022-48388 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2022-44433 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 7.8 High |
| In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | ||||
| CVE-2024-1108 | 1 Davidcramer | 1 Plugin Groups | 2025-01-28 | 6.5 Medium |
| The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration. | ||||
| CVE-2024-36377 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 6.5 Medium |
| In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | ||||
| CVE-2024-1861 | 1 Billminozzi | 1 Anti Hacker | 2025-01-27 | 4.3 Medium |
| The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table. | ||||
| CVE-2024-12826 | 2025-01-27 | 4.3 Medium | ||
| The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings. | ||||
| CVE-2025-23656 | 2025-01-27 | 6.5 Medium | ||
| Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0. | ||||
| CVE-2024-10574 | 2025-01-27 | 7.2 High | ||
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ays_save_google_credentials' function in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This makes it possible for unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Because the 'client_id' parameter is not sanitized or escaped when used in output, this vulnerability could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-24584 | 2025-01-27 | 4.3 Medium | ||
| Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0. | ||||
| CVE-2024-13447 | 1 Thimpress | 1 Wp Hotel Booking | 2025-01-24 | 4.3 Medium |
| The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotel_booking_load_order_user AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve a list of registered user emails. | ||||
| CVE-2025-24580 | 2025-01-24 | 6.5 Medium | ||
| Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5. | ||||
| CVE-2025-24591 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. | ||||
| CVE-2025-24571 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258. | ||||
| CVE-2025-24589 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in JS Morisset JSM Show Post Metadata allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JSM Show Post Metadata: from n/a through 4.6.0. | ||||
| CVE-2025-24594 | 2025-01-24 | 6.5 Medium | ||
| Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7. | ||||
| CVE-2025-24604 | 2025-01-24 | 5.4 Medium | ||
| Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5. | ||||
| CVE-2025-24618 | 2025-01-24 | 4.3 Medium | ||
| Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1. | ||||