| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_reload_nav_menu() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to modify the location of display menus. |
| The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. |
| Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8. |
| Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7. |
| Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’. |
| Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9. |
| In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to
5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8,
versions 6.2.x prior to 6.2.3, an application is possible vulnerable to
broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. |
| Missing Authorization vulnerability in XSERVER Inc. TypeSquare Webfonts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects TypeSquare Webfonts: from n/a through 2.0.7. |
| Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. |
| The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs. |
| A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations. |
| Missing Authorization vulnerability in xootix Waitlist Woocommerce ( Back in stock notifier ) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Waitlist Woocommerce ( Back in stock notifier ): from n/a through 2.6. |
| The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of registered user emails. |
| Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5. |
| Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36. |
| Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.18. |
| Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows .
This issue affects Backup and Restore WordPress: from n/a through 1.50. |
| Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Backup and Restore WordPress: from n/a through 1.50. |
| Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. |
| The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybe_disconnect_simpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect the SimpleShop. |