Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-45631

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-02 Jan, 2025 | 11:59
Updated At-06 Jan, 2025 | 20:06
Rejected At-
Credits

WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:02 Jan, 2025 | 11:59
Updated At:06 Jan, 2025 | 20:06
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Affected Products
Vendor
WpDevArtwpdevart
Product
Responsive Image Gallery, Gallery Album
Collection URL
https://wordpress.org/plugins
Package Name
gallery-album
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
thiennv (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:02 Jan, 2025 | 12:15
Updated At:21 Mar, 2025 | 18:52

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CPE Matches
WpDevArt
wpdevart
>>gallery>>Versions up to 2.0.3(inclusive)
cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/wordpress/plugin/gallery-album/vulnerability/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1042Records found
CVE-2025-24591
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.

Action-Not Available
Vendor-NinjaTeam
Product-GDPR CCPA Compliance Support
CWE ID-CWE-862
Missing Authorization
CVE-2025-24603
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.

Action-Not Available
Vendor-UkrSolution
Product-Print Barcode Labels for your WooCommerce products/orders
CWE ID-CWE-862
Missing Authorization
CVE-2025-24604
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.51%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vikas Ratudi VForm allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VForm: from n/a through 3.0.5.

Action-Not Available
Vendor-Vikas Ratudi
Product-VForm
CWE ID-CWE-862
Missing Authorization
CVE-2025-23955
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-17 Jan, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6.

Action-Not Available
Vendor-xola.com
Product-Xola
CWE ID-CWE-862
Missing Authorization
CVE-2025-54695
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

Action-Not Available
Vendor-HasTech
Product-HT Mega
CWE ID-CWE-862
Missing Authorization
CVE-2025-23778
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.51%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2.

Action-Not Available
Vendor-Pravin Durugkar
Product-User Sync ActiveCampaign
CWE ID-CWE-862
Missing Authorization
CVE-2024-12327
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.95%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 04:22
Updated-07 Jan, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.

Action-Not Available
Vendor-proloybhaduri
Product-LazyLoad Background Images
CWE ID-CWE-862
Missing Authorization
CVE-2025-24584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 13:59
Updated-27 Jan, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.

Action-Not Available
Vendor-BdThemes
Product-Ultimate Store Kit Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-33593
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.83%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 10:09
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability

Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.

Action-Not Available
Vendor-RedNao
Product-Smart Forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-12201
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.79%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 06:46
Updated-27 Feb, 2025 | 02:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation

The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles.

Action-Not Available
Vendor-hashthemeshashthemes
Product-hash_formHash Form – Drag & Drop Form Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-32081
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.54%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:37
Updated-02 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.

Action-Not Available
Vendor-websupporter_filter_custom_fields_\&_taxonomies_light_projectWebsupporter
Product-websupporter_filter_custom_fields_\&_taxonomies_lightFilter Custom Fields & Taxonomies Light
CWE ID-CWE-862
Missing Authorization
CVE-2025-23999
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-18 Jun, 2025 | 09:26
Updated-18 Jun, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13.

Action-Not Available
Vendor-Cloudways
Product-Breeze
CWE ID-CWE-862
Missing Authorization
CVE-2024-12263
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 05:24
Updated-12 Dec, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete

The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete cloud snippets. Please note that this vulnerability was present in the Cloud Library Addon used by the plugin and not in the plugin itself, the cloud library has been removed entirely.

Action-Not Available
Vendor-lordspace
Product-Child Theme Creator by Orbisius
CWE ID-CWE-862
Missing Authorization
CVE-2025-24571
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability

Missing Authorization vulnerability in Epsiloncool WP Fast Total Search allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Fast Total Search: from n/a through 1.78.258.

Action-Not Available
Vendor-Epsiloncool
Product-WP Fast Total Search
CWE ID-CWE-862
Missing Authorization
CVE-2025-23916
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.70%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability

Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0.

Action-Not Available
Vendor-Nuanced Media
Product-WP Meetup
CWE ID-CWE-862
Missing Authorization
CVE-2024-12018
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 05:24
Updated-12 Dec, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion

The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Shortcodes.

Action-Not Available
Vendor-aliakro
Product-Snippet Shortcodes
CWE ID-CWE-862
Missing Authorization
CVE-2024-32792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.38%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:57
Updated-29 May, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2025-23785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.09%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4.

Action-Not Available
Vendor-August Infotech
Product-AI Responsive Gallery Album
CWE ID-CWE-862
Missing Authorization
CVE-2024-12113
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-25 Jan, 2025 | 07:24
Updated-28 May, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Review Deletion

The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_user_review() and delete_review() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's reviews.

Action-Not Available
Vendor-kainelabsyouzify
Product-youzifyYouzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-23954
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-17 Jan, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.

Action-Not Available
Vendor-AWcode & KingfisherFox
Product-Salvador – AI Image Generator
CWE ID-CWE-862
Missing Authorization
CVE-2023-3131
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.24%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 12:41
Updated-12 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.

Action-Not Available
Vendor-inspireuiUnknown
Product-mstore_apiMStore API
CWE ID-CWE-862
Missing Authorization
CVE-2023-30476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.56%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blogger Buzz theme <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2.

Action-Not Available
Vendor-Sparkle Themes
Product-Blogger Buzz
CWE ID-CWE-862
Missing Authorization
CVE-2024-32701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.54%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:19
Updated-25 Sep, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24.

Action-Not Available
Vendor-instawpInstaWP Team
Product-instawp_connectInstaWP Connect
CWE ID-CWE-862
Missing Authorization
CVE-2025-23776
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.09%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-17 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.

Action-Not Available
Vendor-Thorn Technologies LLC
Product-Cache Sniper for Nginx
CWE ID-CWE-862
Missing Authorization
CVE-2023-3053
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.80%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 23:37
Updated-20 Dec, 2024 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.

Action-Not Available
Vendor-azexoazexo
Product-page_builder_with_image_map_by_azexoPage Builder with Image Map by AZEXO
CWE ID-CWE-862
Missing Authorization
CVE-2025-23957
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-17 Jan, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3.

Action-Not Available
Vendor-Sur.ly
Product-Sur.ly
CWE ID-CWE-862
Missing Authorization
CVE-2025-23930
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:07
Updated-17 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2.

Action-Not Available
Vendor-iTechArt-Group
Product-PayPal Marketing Solutions
CWE ID-CWE-862
Missing Authorization
CVE-2024-32522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.83%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:31
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.

Action-Not Available
Vendor-Jaed Mosharraf & Pluginbazar Team
Product-Open Close WooCommerce Store
CWE ID-CWE-862
Missing Authorization
CVE-2025-22681
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-03 Feb, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.

Action-Not Available
Vendor-Xfinity Soft
Product-Content Cloner
CWE ID-CWE-862
Missing Authorization
CVE-2024-32520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.83%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:33
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.

Action-Not Available
Vendor-WPClever
Product-WPC Grouped Product for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-22722
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 17:21
Updated-21 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dimissal vulnerability

Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8.

Action-Not Available
Vendor-Widget Options Team
Product-Widget Options
CWE ID-CWE-862
Missing Authorization
CVE-2024-10614
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.70%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 05:39
Updated-05 Feb, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status.

Action-Not Available
Vendor-cusrevivole
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-1092
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.41%
||
7 Day CHG~0.00%
Published-05 Feb, 2024 | 21:21
Updated-03 Sep, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.

Action-Not Available
Vendor-Themeisle
Product-rss_aggregator_by_feedzyRSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator
CWE ID-CWE-862
Missing Authorization
CVE-2025-22694
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:23
Updated-03 Feb, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.

Action-Not Available
Vendor-theDotstore
Product-Hide Shipping Method For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-1089
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-27 Dec, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

Action-Not Available
Vendor-imagerecycleimagerecycle
Product-imagerecycle_pdf_\&_image_compressionImageRecycle pdf & image compression
CWE ID-CWE-862
Missing Authorization
CVE-2024-32689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.91%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 10:33
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.

Action-Not Available
Vendor-GenialSoulsgenialsouls
Product-WP Social Commentswp_social_comments
CWE ID-CWE-862
Missing Authorization
CVE-2024-10664
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.34%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 07:32
Updated-04 Dec, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update

The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database.

Action-Not Available
Vendor-codesavory
Product-Knowledge Base documentation & wiki plugin – BasePress Docs
CWE ID-CWE-862
Missing Authorization
CVE-2024-11354
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-21 Nov, 2024 | 02:06
Updated-26 Nov, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists.

Action-Not Available
Vendor-codelizarcodelizarplugs
Product-ultimate_youtube_video_\&_shorts_player_with_vimeoUltimate YouTube Video & Shorts Player With Vimeo
CWE ID-CWE-862
Missing Authorization
CVE-2025-22667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 9.98%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 14:24
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.

Action-Not Available
Vendor-Creative Werk Designs
Product-Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets
CWE ID-CWE-862
Missing Authorization
CVE-2024-11271
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.45%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 04:17
Updated-17 Jan, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars.

Action-Not Available
Vendor-webinarpresswpwebinarsystem
Product-webinarpressWordPress Webinar Plugin – WebinarPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-10853
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.60%
||
7 Day CHG+0.01%
Published-13 Nov, 2024 | 02:02
Updated-17 Jan, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete Buy one click WooCommerce orders.

Action-Not Available
Vendor-zixnnorthmule
Product-buy_one_click_woocommerceBuy one click WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-53200
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:20
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3.

Action-Not Available
Vendor-QuantumCloud
Product-ChatBot
CWE ID-CWE-862
Missing Authorization
CVE-2024-1078
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.19%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 07:32
Updated-01 Aug, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerQuiz Maker
CWE ID-CWE-862
Missing Authorization
CVE-2025-22671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 9.98%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 14:13
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through 1.0.2.

Action-Not Available
Vendor-Leap13
Product-Disable Elementor Editor Translation
CWE ID-CWE-862
Missing Authorization
CVE-2025-23189
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 00:33
Updated-11 Feb, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN)

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver and ABAP Platform (SDCCN)
CWE ID-CWE-862
Missing Authorization
CVE-2024-10897
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 04:29
Updated-20 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin.

Action-Not Available
Vendor-Themeum
Product-tutor_lms_elementor_addonsTutor LMS Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2025-54011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMTP2GO: from n/a through 1.12.1.

Action-Not Available
Vendor-SMTP2GO
Product-SMTP2GO
CWE ID-CWE-862
Missing Authorization
CVE-2024-10786
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 02:02
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches.

Action-Not Available
Vendor-10up
Product-Simple Local Avatars
CWE ID-CWE-862
Missing Authorization
CVE-2025-53343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0.

Action-Not Available
Vendor-GoodLayers
Product-Modernize
CWE ID-CWE-862
Missing Authorization
CVE-2024-1090
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-22 Apr, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.

Action-Not Available
Vendor-imagerecycleimagerecycle
Product-imagerecycle_pdf_\&_image_compressionImageRecycle pdf & image compression
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 20
  • 21
  • Next
Details not found