Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-36840

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-16 Oct, 2024 | 07:31
Updated At-16 Oct, 2024 | 17:26
Rejected At-
Credits

Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:16 Oct, 2024 | 07:31
Updated At:16 Oct, 2024 | 17:26
Rejected At:
▼CVE Numbering Authority (CNA)
Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

Affected Products
Vendor
jetmonsters
Product
Timetable and Event Schedule by MotoPress
Default Status
unaffected
Versions
Affected
  • From * through 2.3.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Ramuel Gall
Timeline
EventDate
Disclosed2020-04-21 00:00:00
Event: Disclosed
Date: 2020-04-21 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/988d7b33-f985-4d22-a2db-3922002fcecb?source=cve
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/988d7b33-f985-4d22-a2db-3922002fcecb?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
motopress
Product
timetable_and_event_schedule
CPEs
  • cpe:2.3:a:motopress:timetable_and_event_schedule:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 2.3.8 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:16 Oct, 2024 | 08:15
Updated At:30 Oct, 2024 | 21:06

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CPE Matches
motopress
motopress
>>timetable_and_event_schedule>>Versions before 2.3.9(exclusive)
cpe:2.3:a:motopress:timetable_and_event_schedule:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=security@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/988d7b33-f985-4d22-a2db-3922002fcecb?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2288592%40mp-timetable&new=2288592%40mp-timetable&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/988d7b33-f985-4d22-a2db-3922002fcecb?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

316Records found
CVE-2024-37444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.70%
||
7 Day CHG+0.07%
Published-01 Nov, 2024 | 14:18
Updated-28 May, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.

Action-Not Available
Vendor-Incsub, LLC
Product-defenderDefender Securitydefender_security
CWE ID-CWE-862
Missing Authorization
CVE-2024-37463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.39%
||
7 Day CHG+0.03%
Published-01 Nov, 2024 | 14:18
Updated-07 Feb, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.

Action-Not Available
Vendor-crmperksCRM Perkscrmperks
Product-crm_perks_formsCRM Perks Formscrm_perks_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-35692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:21
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.

Action-Not Available
Vendor-termlyTermlytermly
Product-gdpr_cookie_consent_bannerCookie Consentgdpr_cookie_consent_banner
CWE ID-CWE-862
Missing Authorization
CVE-2024-35660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:56
Updated-26 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Themejeweltheme
Product-master_addonsMaster Addons for Elementormaster_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-35742
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.49%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:40
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

Action-Not Available
Vendor-codeparrotsCode Parrots
Product-easy_forms_for_mailchimpEasy Forms for Mailchimp
CWE ID-CWE-862
Missing Authorization
CVE-2024-36246
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.17%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 06:11
Updated-08 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Action-Not Available
Vendor-Yokogawa Rental & Lease Corporationyokogawa_rental_lease_corporation
Product-UnifierUnifier Castunifierunifier_cast
CWE ID-CWE-862
Missing Authorization
CVE-2024-35735
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.61%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:43
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.

Action-Not Available
Vendor-CodePeople
Product-wp_time_slots_booking_formWP Time Slots Booking Formwp_time_slots_booking_form
CWE ID-CWE-862
Missing Authorization
CVE-2024-35661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:33
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.

Action-Not Available
Vendor-softlabbdSoftLab
Product-upload_fields_for_wpformsUpload Fields for WPForms
CWE ID-CWE-862
Missing Authorization
CVE-2022-41417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.71%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.

Action-Not Available
Vendor-blogenginen/a
Product-blogengine.netn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-33914
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:36
Updated-10 Apr, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability

Missing Authorization vulnerability in Exclusive Addons Exclusive Addons Elementor.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.1.

Action-Not Available
Vendor-exclusiveaddonsExclusive Addons
Product-exclusive_addons_for_elementorExclusive Addons Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-33545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:10
Updated-01 Nov, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.

Action-Not Available
Vendor-aa-teamAA-Team
Product-wzoneWZone
CWE ID-CWE-862
Missing Authorization
CVE-2024-32799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:50
Updated-05 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.

Action-Not Available
Vendor-realestateconnectedMerv Barrettrealestateconnected
Product-easy_property_listingsEasy Property Listingseasy_property_listings
CWE ID-CWE-862
Missing Authorization
CVE-2024-30529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 64.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:03
Updated-05 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tainacan plugin <= 0.20.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tainacan.Org Tainacan.This issue affects Tainacan: from n/a through 0.20.7.

Action-Not Available
Vendor-tainacanTainacan.orgtainacan
Product-tainacanTainacantainacan
CWE ID-CWE-862
Missing Authorization
CVE-2024-31284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:10
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPressembedpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-31275
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.46% / 63.09%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:16
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.

Action-Not Available
Vendor-Metagauss Inc.
Product-eventprimeEventPrime
CWE ID-CWE-862
Missing Authorization
CVE-2024-30538
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:00
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4.

Action-Not Available
Vendor-delucksDELUCKS GmbHdelucks
Product-delucks_seoDELUCKS SEOdelucks_seo
CWE ID-CWE-862
Missing Authorization
CVE-2018-4059
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 14:30
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.

Action-Not Available
Vendor-coturn_projectTalos (Cisco Systems, Inc.)
Product-coturncoTURN
CWE ID-CWE-862
Missing Authorization
CVE-2024-30525
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 27.03%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:24
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9.

Action-Not Available
Vendor-moveaddonsmoveaddonsmoveaddons
Product-move_addons_for_elementorMove Addons for Elementormove_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-30534
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:03
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5.

Action-Not Available
Vendor-typpstypps
Product-calendaristaCalendarista Basic Edition
CWE ID-CWE-862
Missing Authorization
CVE-2024-30477
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.37%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:01
Updated-15 Apr, 2025 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Klarna Klarna Payments for WooCommerce.This issue affects Klarna Payments for WooCommerce: from n/a through 3.2.4.

Action-Not Available
Vendor-klarnaklarnaklarna
Product-klarna_for_woocommerceKlarna Payments for WooCommerceklarna_payments_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31276
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.67%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:14
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8.

Action-Not Available
Vendor-wpfactoryWPFactory
Product-products\,_order_\&_customers_export_for_woocommerceProducts, Order & Customers Export for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-30544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:04
Updated-05 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in UPQODE Whizzy.This issue affects Whizzy: from n/a through 1.1.18.

Action-Not Available
Vendor-upqodeUPQODEupqode
Product-whizzyWhizzywhizzy
CWE ID-CWE-862
Missing Authorization
CVE-2024-30508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 14:17
Updated-11 Feb, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-wp_hotel_bookingWP Hotel Bookingwp_hotel_booking
CWE ID-CWE-862
Missing Authorization
CVE-2024-31283
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:12
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce plugin <=1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.2.

Action-Not Available
Vendor-zoremzoremzorem
Product-advanced_local_pickup_for_woocommerceAdvanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.97%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:08
Updated-05 Nov, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

Action-Not Available
Vendor-bricksforgeBricksforge
Product-bricksforgeBricksforge
CWE ID-CWE-862
Missing Authorization
CVE-2024-2771
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.98%
||
7 Day CHG-0.01%
Published-18 May, 2024 | 07:38
Updated-06 Feb, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes it possible for unauthenticated attackers to grant users with Fluent Form management permissions which gives them access to all of the plugin's settings and features. This also makes it possible for unauthenticated attackers to delete manager accounts.

Action-Not Available
Vendor-fluentformstechjewelfluentforms
Product-contact_formContact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Buildercontact_form
CWE ID-CWE-862
Missing Authorization
CVE-2015-10143
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.66%
||
7 Day CHG+0.04%
Published-25 Jul, 2025 | 02:23
Updated-25 Jul, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Action-Not Available
Vendor-PageLines
Product-Platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-2702
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.22% / 44.94%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 09:36
Updated-07 May, 2025 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

Action-Not Available
Vendor-olivethemesOlive Themesolive_themes
Product-olive_one_click_demo_importOlive One Click Demo Importolive_one_click_demo_import
CWE ID-CWE-862
Missing Authorization
CVE-2024-25912
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.76% / 72.43%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:36
Updated-01 Aug, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability

Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.

Action-Not Available
Vendor-Skymoonlabsskymoonlabs
Product-MoveTomoveto
CWE ID-CWE-862
Missing Authorization
CVE-2024-25935
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.65%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 17:31
Updated-03 Feb, 2025 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.

Action-Not Available
Vendor-Metagauss Inc.
Product-registrationmagicRegistrationMagic
CWE ID-CWE-862
Missing Authorization
CVE-2024-23752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 70.75%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 00:00
Updated-30 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.

Action-Not Available
Vendor-gabrieleventurin/a
Product-pandasain/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-22298
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 58.67%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:06
Updated-20 Mar, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability

Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.

Action-Not Available
Vendor-tms-outsourceTMStms-outsource
Product-ameliaAmeliaamelia
CWE ID-CWE-862
Missing Authorization
CVE-2024-21216
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-1.28% / 78.73%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 19:52
Updated-18 Oct, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverOracle WebLogic Server
CWE ID-CWE-862
Missing Authorization
CVE-2022-38651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-12 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-hyperic_servern/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-6805
Matching Score-4
Assigner-National Instruments
ShareView Details
Matching Score-4
Assigner-National Instruments
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.96%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 21:00
Updated-17 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.

Action-Not Available
Vendor-niNIni
Product-veristandVeriStandveristand
CWE ID-CWE-862
Missing Authorization
CVE-2024-6636
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-1.67% / 81.37%
||
7 Day CHG-1.18%
Published-20 Jul, 2024 | 07:38
Updated-11 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation

The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'woo_slg_login_email' function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to change the default role to Administrator while registering for an account.

Action-Not Available
Vendor-WPWeb Elite
Product-woocommerce_social_loginWooCommerce - Social Loginwoocommerce_social_login
CWE ID-CWE-862
Missing Authorization
CVE-2024-13556
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.1||HIGH
EPSS-0.66% / 70.27%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 05:22
Updated-21 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection

The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.

Action-Not Available
Vendor-wecantrackwecantrack
Product-affiliate_linksAffiliate Links: WordPress Plugin for Link Cloaking and Link Management
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-862
Missing Authorization
CVE-2024-13513
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.32%
||
7 Day CHG~0.00%
Published-15 Feb, 2025 | 07:33
Updated-25 Feb, 2025 | 03:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation

The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2.3 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data including the plugin's clientToken, which in turn can be used to change user account information including emails and account type. This allows attackers to then change account passwords resulting in a complete site takeover. Version 2.4.2.3 disabled logging but left sites with existing log files vulnerable.

Action-Not Available
Vendor-oliverposoliverpos
Product-oliver_posOliver POS – A WooCommerce Point of Sale (POS)
CWE ID-CWE-862
Missing Authorization
CVE-2022-36228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 20.40%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 00:00
Updated-30 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

Action-Not Available
Vendor-janusintln/a
Product-noke_standard_smart_padlock_firmwarenoke_hd\+_smart_padlock_firmwarenoke_hd_smart_padlock_firmwarenoke_hd\+_smart_padlocknoke_hd_smart_padlocknoke_standard_smart_padlockn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-38057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:36
Updated-30 Jun, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

Action-Not Available
Vendor-themehunkThemeHunkthemehunk
Product-th_advance_product_searchAdvance WordPress Search Pluginadvanced_wordpress_search
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2022-36642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-76.03% / 98.87%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 21:23
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

Action-Not Available
Vendor-telosalliancen/a
Product-omnia_mpx_node_firmwareomnia_mpx_noden/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-36418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.16%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 15:51
Updated-23 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.

Action-Not Available
Vendor-dcgwsVagary Digital
Product-hreflang_tags_liteHREFLANG Tags Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-54239
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.79% / 72.97%
||
7 Day CHG+0.04%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18.

Action-Not Available
Vendor-dugudlabs
Product-Eyewear prescription form
CWE ID-CWE-862
Missing Authorization
CVE-2024-50490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-32.55% / 96.70%
||
7 Day CHG+1.11%
Published-29 Oct, 2024 | 08:33
Updated-29 Oct, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2.

Action-Not Available
Vendor-Szabolcs Szecsenyiszabolcs_szecsenyi
Product-PegaPollpegapoll
CWE ID-CWE-862
Missing Authorization
CVE-2024-33561
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:06
Updated-01 Nov, 2024 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.

Action-Not Available
Vendor-8theme8theme
Product-xstoreXStore
CWE ID-CWE-862
Missing Authorization
CVE-2024-50500
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.48%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-26 May, 2025 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Phlox Core Elements plugin <= 2.17.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.

Action-Not Available
Vendor-Depicter (Averta)
Product-shortcodes_and_extra_features_for_phlox_themeShortcodes and extra features for Phlox theme
CWE ID-CWE-862
Missing Authorization
CVE-2024-50459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.67%
||
7 Day CHG+0.04%
Published-29 Oct, 2024 | 16:36
Updated-06 Nov, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stripe Donation and Payment Plugin: from n/a through 3.2.3.

Action-Not Available
Vendor-hmpluginHM Pluginhmplugin
Product-aidwpWordPress Stripe Donation and Payment Pluginaccept_stripe_donation_-_aidwp
CWE ID-CWE-862
Missing Authorization
CVE-2024-50475
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-18.38% / 94.98%
||
7 Day CHG+0.78%
Published-29 Oct, 2024 | 08:39
Updated-29 Oct, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability

Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0.

Action-Not Available
Vendor-Scott Gamonscott_gamon
Product-Signup Pagesignup_page
CWE ID-CWE-862
Missing Authorization
CVE-2021-33924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.80% / 73.06%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 09:44
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.

Action-Not Available
Vendor-confluentn/a
Product-ansiblen/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-48073
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.19% / 77.95%
||
7 Day CHG+0.10%
Published-08 Nov, 2024 | 00:00
Updated-18 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges.

Action-Not Available
Vendor-n/asunniwell
Product-n/aht3300_firmware
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • Next
Details not found