Total
7029 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43293 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | ||||
| CVE-2024-43296 | 1 Bplugins | 1 Html5 Video Player | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30. | ||||
| CVE-2024-43297 | 1 Backupbliss | 1 Clone | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. | ||||
| CVE-2024-43298 | 1 Backupbliss | 1 Clone | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5. | ||||
| CVE-2024-43302 | 1 Fontsplugin | 1 Fonts | 2024-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in Fonts Plugin Fonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fonts: from n/a through 3.7.7. | ||||
| CVE-2024-43310 | 1 Ukrsolution | 1 Print Labels With Barcodes | 2024-11-13 | 6.5 Medium |
| Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9. | ||||
| CVE-2024-43312 | 1 Wpclever | 1 Wpc Frequently Bought Together For Woocommerce | 2024-11-13 | 5.4 Medium |
| Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9. | ||||
| CVE-2024-43929 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | 6.5 Medium |
| Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4. | ||||
| CVE-2024-43928 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2024-11-12 | 5.4 Medium |
| Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4. | ||||
| CVE-2024-47308 | 1 Templately | 1 Templately | 2024-11-12 | 6.5 Medium |
| Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2. | ||||
| CVE-2024-47317 | 1 Wpquads | 1 Ads | 2024-11-12 | 4.3 Medium |
| Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84. | ||||
| CVE-2024-47318 | 1 Magazine3 | 1 Pwa For Wp \& Amp | 2024-11-12 | 4.3 Medium |
| Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72. | ||||
| CVE-2024-47321 | 1 Androidbubbles | 1 Wp Datepicker | 2024-11-12 | 6.5 Medium |
| Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1. | ||||
| CVE-2024-47358 | 1 Code-atlantic | 1 Popup Maker | 2024-11-12 | 5.3 Medium |
| Missing Authorization vulnerability in Popup Maker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Popup Maker: from n/a through 1.19.2. | ||||
| CVE-2024-47359 | 2 Averta, Depicter | 2 Depicter Slider, Depicter | 2024-11-12 | 5.3 Medium |
| Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Depicter Slider: from n/a through 3.2.2. | ||||
| CVE-2024-47361 | 1 Webtechstreet | 1 Elementor Addon Elements | 2024-11-12 | 6.5 Medium |
| Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6. | ||||
| CVE-2024-47587 | 2024-11-12 | 3.5 Low | ||
| Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application. | ||||
| CVE-2024-10586 | 1 Eugenbobrowski | 1 Debug Tool | 2024-11-12 | 9.8 Critical |
| The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution. | ||||
| CVE-2024-10673 | 1 Themehunk | 1 Top Store | 2024-11-12 | 8.8 High |
| The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution. | ||||
| CVE-2024-10674 | 1 Themehunk | 1 Th Shop Mania | 2024-11-12 | 8.8 High |
| The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. | ||||