Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.
Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0.
Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.
Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1.
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19.
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2.
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode.
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.
Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.
Missing Authorization vulnerability in Speedcomp Linet ERP-Woocommerce Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Linet ERP-Woocommerce Integration: from n/a through 3.5.7.
Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0.
Missing Authorization vulnerability in Ays Pro Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through 5.5.0.
Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5.
Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.
Missing Authorization vulnerability in Themefic Instantio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Instantio: from n/a through 3.3.7.
Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.
Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.
Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through 2.11.
Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Wysiwyg Background Color: from n/a through 1.0.
Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.
The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.
Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.
Missing Authorization vulnerability in mgplugin EMI Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through 1.1.
Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.
Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.
Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.
Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2.
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue.
Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2.
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.
The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins.
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.
The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.
Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3.
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5.
Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.
Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.
Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1.
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6.