Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-4024

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-17 Aug, 2024 | 07:34
Updated At-19 Aug, 2024 | 15:13
Rejected At-
Credits

Radio Player <= 2.0.73 - Missing Authorization to Player Deletion

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:17 Aug, 2024 | 07:34
Updated At:19 Aug, 2024 | 15:13
Rejected At:
▼CVE Numbering Authority (CNA)
Radio Player <= 2.0.73 - Missing Authorization to Player Deletion

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.

Affected Products
Vendor
princeahmed
Product
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress
Default Status
unaffected
Versions
Affected
  • From * through 2.0.73 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Alex Thomas
Timeline
EventDate
Disclosed2024-08-16 00:00:00
Event: Disclosed
Date: 2024-08-16 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve
N/A
https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt
N/A
https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php
N/A
https://plugins.trac.wordpress.org/changeset/3048105
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve
Resource: N/A
Hyperlink: https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3048105
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
softlab
Product
radio_player
CPEs
  • cpe:2.3:a:softlab:radio_player:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 2.0.73 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:17 Aug, 2024 | 08:15
Updated At:28 Aug, 2024 | 18:32

The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to delete player instances.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
softlabbd
softlabbd
>>radio_player>>Versions before 2.0.74(exclusive)
cpe:2.3:a:softlabbd:radio_player:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE-862Secondarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-862
Type: Secondary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txtsecurity@wordfence.com
Release Notes
https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.phpsecurity@wordfence.com
Patch
https://plugins.trac.wordpress.org/changeset/3048105security@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.svn.wordpress.org/radio-player/tags/2.0.7/readme.txt
Source: security@wordfence.com
Resource:
Release Notes
Hyperlink: https://plugins.trac.wordpress.org/changeset/2942906/radio-player/trunk/includes/class-ajax.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://plugins.trac.wordpress.org/changeset/3048105
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/3f408f1f-207e-427a-a5d0-d0fadf453d7e?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

453Records found
CVE-2024-37506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.55%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.

Action-Not Available
Vendor-WP Charitable LLC.
Product-Charitablecharitable
CWE ID-CWE-862
Missing Authorization
CVE-2024-37463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.39%
||
7 Day CHG+0.03%
Published-01 Nov, 2024 | 14:18
Updated-07 Feb, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.

Action-Not Available
Vendor-crmperksCRM Perkscrmperks
Product-crm_perks_formsCRM Perks Formscrm_perks_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-37123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.87%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.

Action-Not Available
Vendor-VowelWebvowelweb
Product-Ibtanaibtana
CWE ID-CWE-862
Missing Authorization
CVE-2024-35692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.16%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:21
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.

Action-Not Available
Vendor-termlyTermlytermly
Product-gdpr_cookie_consent_bannerCookie Consentgdpr_cookie_consent_banner
CWE ID-CWE-862
Missing Authorization
CVE-2024-35729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.86%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:44
Updated-09 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.

Action-Not Available
Vendor-tickeraTickeratickera
Product-tickeraTickeratickera
CWE ID-CWE-862
Missing Authorization
CVE-2024-35748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:41
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.

Action-Not Available
Vendor-opmcOPMC
Product-woocommerce_dropshippingWooCommerce Dropshipping
CWE ID-CWE-862
Missing Authorization
CVE-2024-35665
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:10
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.

Action-Not Available
Vendor-namithjawaharnamithjawahar
Product-Insert Post Adsinsert_post_ads
CWE ID-CWE-862
Missing Authorization
CVE-2024-35667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.03%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:09
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

Action-Not Available
Vendor-WP EasyCart
Product-WP EasyCart
CWE ID-CWE-862
Missing Authorization
CVE-2024-35685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:46
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.

Action-Not Available
Vendor-Anders Norénanders_noren
Product-Radcliffe 2radcliffe_2
CWE ID-CWE-862
Missing Authorization
CVE-2024-3599
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.31%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-10 Jul, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-wpekawpeka-club
Product-wp_cookie_consentWP Cookie Consent ( for GDPR, CCPA & ePrivacy )
CWE ID-CWE-862
Missing Authorization
CVE-2024-35174
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.82%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 10:18
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.

Action-Not Available
Vendor-Flothemesflothemes
Product-Flo Formsflo_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-34819
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:10
Updated-09 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.

Action-Not Available
Vendor-moreconvertMoreConvertmoreconvert
Product-woocommerce_wishlistMC Woocommerce Wishlistwoocommerce_wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2024-34768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:42
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.

Action-Not Available
Vendor-Fastly
Product-Fastly
CWE ID-CWE-862
Missing Authorization
CVE-2024-34822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:26
Updated-07 Aug, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wemailweMail
CWE ID-CWE-862
Missing Authorization
CVE-2024-34813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:38
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.

Action-Not Available
Vendor-MoreConvert
Product-MC Woocommerce Wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2024-34442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:34
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weDocswedocs
CWE ID-CWE-862
Missing Authorization
CVE-2024-34821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:03
Updated-07 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.

Action-Not Available
Vendor-contactlistproContact List PROtammersoft
Product-contact_listContact List – Easy Business Directory, Staff Directory and Address Book Plugincontact_list
CWE ID-CWE-862
Missing Authorization
CVE-2024-33929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:21
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.

Action-Not Available
Vendor-wpWaxWordPress.org
Product-Directoristdirectorist
CWE ID-CWE-862
Missing Authorization
CVE-2024-33908
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 19:15
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit
CWE ID-CWE-862
Missing Authorization
CVE-2024-33587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.38%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 12:40
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Secure Copy Content Protection and Content Lockingsecure_copy_content_protection_and_content_locking
CWE ID-CWE-862
Missing Authorization
CVE-2024-33545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:10
Updated-01 Nov, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.

Action-Not Available
Vendor-aa-teamAA-Team
Product-wzoneWZone
CWE ID-CWE-862
Missing Authorization
CVE-2024-33596
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 08:27
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.

Action-Not Available
Vendor-Five Star Pluginsfivestarplugins
Product-Five Star Restaurant Reservationsfive_star_restaurant_reservations
CWE ID-CWE-862
Missing Authorization
CVE-2024-32799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:50
Updated-05 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.

Action-Not Available
Vendor-realestateconnectedMerv Barrettrealestateconnected
Product-easy_property_listingsEasy Property Listingseasy_property_listings
CWE ID-CWE-862
Missing Authorization
CVE-2024-32678
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.24%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:21
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.

Action-Not Available
Vendor-TrackShip
Product-TrackShip for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-32792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.43%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:57
Updated-29 May, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-32814
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:40
Updated-09 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.

Action-Not Available
Vendor-Zoremzorem
Product-Advanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-32719
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 12:21
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Club Manager.This issue affects WP Club Manager: from n/a through 2.2.11.

Action-Not Available
Vendor-WP Club Manager
Product-WP Club Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-32798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:51
Updated-10 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

Action-Not Available
Vendor-wptravelengineWP Travel Enginewptravelengine
Product-wp_travel_engineWP Travel Enginewp_travel_engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-32684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.34%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 10:38
Updated-09 Feb, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-862
Missing Authorization
CVE-2024-3268
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 55.78%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 11:33
Updated-07 Feb, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.

Action-Not Available
Vendor-emarketdesignemarket-design
Product-youtube_video_galleryYouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-3213
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 55.94%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 18:59
Updated-04 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.

Action-Not Available
Vendor-relevanssimsaariRelevanssirelevanssi
Product-relevanssiRelevanssi – A Better Search (Pro)Relevanssi – A Better Searchrelevanssi
CWE ID-CWE-862
Missing Authorization
CVE-2024-32725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 16:52
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.

Action-Not Available
Vendor-Saleswonder5_stars_rating_funnel_project
Product-5 Stars Rating Funnel5_stars_rating_funnel
CWE ID-CWE-862
Missing Authorization
CVE-2024-32518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:36
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0.

Action-Not Available
Vendor-Pepro Dev. Group
Product-PeproDev Ultimate Invoice
CWE ID-CWE-862
Missing Authorization
CVE-2024-32679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.35%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 14:12
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.

Action-Not Available
Vendor-Shared Files PROtammersoft
Product-Shared Filesshared_files
CWE ID-CWE-862
Missing Authorization
CVE-2024-32802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:38
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32.

Action-Not Available
Vendor-WordPlus
Product-BP Better Messages
CWE ID-CWE-862
Missing Authorization
CVE-2024-32826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.34%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 11:09
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.

Action-Not Available
Vendor-Vektor,Inc.
Product-VK Block Patterns
CWE ID-CWE-862
Missing Authorization
CVE-2024-32727
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 15:02
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeForm For Elementorromethemeform_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-32715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 16:53
Updated-29 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

Action-Not Available
Vendor-olivethemesOlive Themesolivethemes
Product-olive_one_click_demo_importOlive One Click Demo Importolive_one_click_demo_import
CWE ID-CWE-862
Missing Authorization
CVE-2024-32820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:35
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2.

Action-Not Available
Vendor-Social Share Prosocialshare
Product-Social Share Icons & Social Share Buttonssocial_share_icons_\&_social_share_buttons
CWE ID-CWE-862
Missing Authorization
CVE-2024-31274
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.59%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:18
Updated-01 Nov, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.11.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPressembedpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-30463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.37%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:22
Updated-13 Mar, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4.3.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-bear_-_woocommerce_bulk_editor_and_products_manager_professionalBEAR
CWE ID-CWE-862
Missing Authorization
CVE-2024-31432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.34%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 09:31
Updated-02 Aug, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8.

Action-Not Available
Vendor-The Events Calendar (StellarWP)Liquid Web, LLC
Product-Restrict Contentrestrict_content
CWE ID-CWE-862
Missing Authorization
CVE-2024-31297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:58
Updated-24 Mar, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.

Action-Not Available
Vendor-wpexpertsWPExpertswpexperts
Product-wholesale_for_woocommerceWholesale For WooCommercewholesale_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-30544
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.11%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:04
Updated-05 Nov, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in UPQODE Whizzy.This issue affects Whizzy: from n/a through 1.1.18.

Action-Not Available
Vendor-upqodeUPQODEupqode
Product-whizzyWhizzywhizzy
CWE ID-CWE-862
Missing Authorization
CVE-2024-30459
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.75%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 13:22
Updated-02 Aug, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI WP Writer plugin <= 3.6.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in AIpost AI WP Writer.This issue affects AI WP Writer: from n/a through 3.6.5.

Action-Not Available
Vendor-AIpost
Product-AI WP Writer
CWE ID-CWE-862
Missing Authorization
CVE-2024-31230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.34%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:46
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.

Action-Not Available
Vendor-ShortPixel
Product-ShortPixel Adaptive Images
CWE ID-CWE-862
Missing Authorization
CVE-2024-31242
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.09%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 17:48
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.

Action-Not Available
Vendor-Bricksforgebricksforge
Product-Bricksforgebricksforge
CWE ID-CWE-862
Missing Authorization
CVE-2024-1562
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.02%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 03:36
Updated-07 Mar, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-gsheetconnectorwesterndealgsheetconnector
Product-woocommerce_google_sheet_connectorWooCommerce Google Sheet Connectorwoocommerce_google_sheet_connector
CWE ID-CWE-862
Missing Authorization
CVE-2022-48491
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.44%
||
7 Day CHG~0.00%
Published-19 Jun, 2023 | 00:00
Updated-17 Dec, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiHarmonyOSEMUI
CWE ID-CWE-862
Missing Authorization
CVE-2024-2508
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.69%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:30
Updated-31 Jul, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability.

Action-Not Available
Vendor-takanakuifreshlight
Product-WP Mobile Menu – The Mobile-Friendly Responsive Menuwp_mobile_menu
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • 10
  • Next
Details not found