Total
5365 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23672 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.4 Medium |
| Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | ||||
| CVE-2023-47183 | 1 Givewp | 1 Givewp | 2025-02-25 | 5.3 Medium |
| Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | ||||
| CVE-2024-12071 | 1 Evergreencontentposter | 1 Evergreen Content Poster | 2025-02-25 | 5.3 Medium |
| The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | ||||
| CVE-2024-13364 | 1 Raptive | 1 Raptive Ads | 2025-02-25 | 5.3 Medium |
| The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files. | ||||
| CVE-2023-28672 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 6.5 Medium |
| Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2023-0911 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-02-25 | 6.5 Medium |
| The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default. | ||||
| CVE-2024-13520 | 1 Codemenschen | 1 Gift Vouchers | 2025-02-25 | 5.3 Medium |
| The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'update_voucher_price', 'update_voucher_date', 'update_voucher_note' functions in all versions up to, and including, 4.4.6. This makes it possible for unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. | ||||
| CVE-2025-0968 | 1 Wpmet | 1 Elementskit Elementor Addons | 2025-02-25 | 5.3 Medium |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item created in Elementor, such as posts, pages and templates including drafts, trashed and private items. | ||||
| CVE-2023-28675 | 1 Jenkins | 1 Octoperf Load Testing | 2025-02-25 | 4.3 Medium |
| A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. | ||||
| CVE-2025-1483 | 1 Wwexgroup | 1 Ltl Freight Quotes | 2025-02-25 | 5.3 Medium |
| The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engtz_wd_save_dropship AJAX endpoint in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to update the drop shipping settings. | ||||
| CVE-2025-26948 | 2025-02-25 | 4.3 Medium | ||
| Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||
| CVE-2023-20955 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | ||||
| CVE-2025-26960 | 2025-02-25 | 6.5 Medium | ||
| Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9. | ||||
| CVE-2025-26975 | 2025-02-25 | 5.3 Medium | ||
| Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3. | ||||
| CVE-2025-26983 | 2025-02-25 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.4.3. | ||||
| CVE-2025-22787 | 1 Bplugins | 1 Button Block | 2025-02-25 | 4.3 Medium |
| Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | ||||
| CVE-2025-26928 | 2025-02-25 | 4.3 Medium | ||
| Missing Authorization vulnerability in xfinitysoft Order Limit for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Order Limit for WooCommerce: from n/a through 3.0.2. | ||||
| CVE-2023-21029 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898 | ||||
| CVE-2023-25573 | 1 Metersphere | 1 Metersphere | 2025-02-25 | 8.6 High |
| metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-1643 | 2025-02-25 | 4.3 Medium | ||
| A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SG_AlterarSenha. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. | ||||