Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-12296

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-12 Feb, 2025 | 09:22
Updated At-12 Feb, 2025 | 16:07
Rejected At-
Credits

Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:12 Feb, 2025 | 09:22
Updated At:12 Feb, 2025 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)
Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Affected Products
Vendor
ApusTheme
Product
Apus Framework
Default Status
unaffected
Versions
Affected
  • From * through 2.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tonn
Timeline
EventDate
Vendor Notified2024-12-06 00:00:00
Disclosed2025-02-11 00:00:00
Event: Vendor Notified
Date: 2024-12-06 00:00:00
Event: Disclosed
Date: 2025-02-11 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve
N/A
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve
Resource: N/A
Hyperlink: https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:12 Feb, 2025 | 10:15
Updated At:20 Feb, 2025 | 16:09

The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
apusthemes
apusthemes
>>superio>>Versions up to 2.3(inclusive)
cpe:2.3:a:apusthemes:superio:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://themeforest.net/item/superio-job-board-wordpress-theme/32180231security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://themeforest.net/item/superio-job-board-wordpress-theme/32180231
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/dda2c437-8f41-480a-8816-2c07ab0eafa7?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

527Records found
CVE-2021-1508
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2024-50455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:03
Updated-07 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopressThe SEO Guys at SEOPress
Product-seopressSEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2021-1505
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 78.85%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2024-49325
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.84%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 10:40
Updated-22 Oct, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability

Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.

Action-Not Available
Vendor-wpdiscoverwpdiscover
Product-photo_gallery_builderPhoto Gallery Builder
CWE ID-CWE-862
Missing Authorization
CVE-2022-3911
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 21:49
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc

Action-Not Available
Vendor-iubendaUnknown
Product-iubenda-cookie-law-solutioniubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2021-23014
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.53%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 14:35
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP ASM/Advanced WAF
CWE ID-CWE-862
Missing Authorization
CVE-2015-10140
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-50.29% / 97.76%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 13:20
Updated-09 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Action-Not Available
Vendor-connekthqUnknown
Product-ajax_load_moreAjax Load More
CWE ID-CWE-862
Missing Authorization
CVE-2022-40203
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:08
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-50456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.93%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:00
Updated-07 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopressThe SEO Guys at SEOPress
Product-seopressSEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-47314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-862
Missing Authorization
CVE-2024-50417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-08 Jan, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-47362
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.60% / 68.79%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.

Action-Not Available
Vendor-wpchillWPChill
Product-strong_testimonialsStrong Testimonials
CWE ID-CWE-862
Missing Authorization
CVE-2024-45760
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 64.99%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 16:17
Updated-04 Feb, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administrator
CWE ID-CWE-862
Missing Authorization
CVE-2026-25538
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.01%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 21:37
Updated-11 Feb, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26.

Action-Not Available
Vendor-devtrondevtron-labs
Product-devtrondevtron
CWE ID-CWE-862
Missing Authorization
CVE-2024-43296
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.

Action-Not Available
Vendor-bpluginsbPlugins LLC
Product-html5_video_playerFlash & HTML5 Video
CWE ID-CWE-862
Missing Authorization
CVE-2024-43343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.

Action-Not Available
Vendor-etoilewebdesignEtoile Web Design
Product-order_trackingOrder Tracking
CWE ID-CWE-862
Missing Authorization
CVE-2024-4351
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-28.12% / 96.36%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-22 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms
CWE ID-CWE-862
Missing Authorization
CVE-2024-44006
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.

Action-Not Available
Vendor-onthegosystemsOnTheGoSystems
Product-woocommerce_multilingual_\&_multicurrencyWooCommerce Multilingual & Multicurrency
CWE ID-CWE-862
Missing Authorization
CVE-2024-4352
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-23.34% / 95.82%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-22 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms_pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-43118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.05%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-15 May, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-43932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.81%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2.

Action-Not Available
Vendor-posimythPOSIMYTH
Product-the_plus_addons_for_elementorThe Plus Addons for Elementor Page Builder Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-43310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.46%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.

Action-Not Available
Vendor-ukrsolutionUkrSolution
Product-print_labels_with_barcodesPrint Barcode Labels for your WooCommerce products/orders
CWE ID-CWE-862
Missing Authorization
CVE-2024-43925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14.

Action-Not Available
Vendor-Envira Gallery, LLC (Envira Gallery)
Product-envira_galleryEnvira Photo Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-43355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.

Action-Not Available
Vendor-beardevBearDev
Product-joomsportJoomSport
CWE ID-CWE-862
Missing Authorization
CVE-2024-47317
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.57%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.

Action-Not Available
Vendor-wpquadsWP Quads
Product-adsAds by WPQuads – Adsense Ads, Banner Ads, Popup Ads
CWE ID-CWE-862
Missing Authorization
CVE-2024-48044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.40%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.

Action-Not Available
Vendor-shortpixelShortPixel – Convert WebP/AVIF & Optimize Images
Product-image_optimizerShortPixel Image Optimizer
CWE ID-CWE-862
Missing Authorization
CVE-2024-48039
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15.

Action-Not Available
Vendor-cubewpCubeWP
Product-cubewpCubeWP – All-in-One Dynamic Content Framework
CWE ID-CWE-862
Missing Authorization
CVE-2022-3512
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 33.49%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:22
Updated-06 May, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpWARP
CWE ID-CWE-862
Missing Authorization
CVE-2024-47318
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 61.02%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-pwa_for_wp_\&_ampPWA for WP & AMP
CWE ID-CWE-862
Missing Authorization
CVE-2024-47361
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.78%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.

Action-Not Available
Vendor-webtechstreetWPVibes
Product-elementor_addon_elementsElementor Addon Elements
CWE ID-CWE-862
Missing Authorization
CVE-2026-24532
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:28
Updated-26 Jan, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.

Action-Not Available
Vendor-SiteLock
Product-SiteLock Security
CWE ID-CWE-862
Missing Authorization
CVE-2024-48045
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3.

Action-Not Available
Vendor-leevioLeevio
Product-happy_addons_for_elementorHappy Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2022-34344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.08%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:13
Updated-23 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.

Action-Not Available
Vendor-rymeraRymera Web Co
Product-wholesale_suiteWholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More
CWE ID-CWE-862
Missing Authorization
CVE-2024-38707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-24 Mar, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2026-23974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Action-Not Available
Vendor-uxper
Product-Golo
CWE ID-CWE-862
Missing Authorization
CVE-2026-24356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.

Action-Not Available
Vendor-Roxnor
Product-GetGenie
CWE ID-CWE-862
Missing Authorization
CVE-2024-37232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.77%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.

Action-Not Available
Vendor-Hercules Designtoddnestor
Product-Hercules Corehercules_core
CWE ID-CWE-862
Missing Authorization
CVE-2022-31595
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 18:45
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-adaptive_server_enterpriseSAP Financial Consolidation
CWE ID-CWE-862
Missing Authorization
CVE-2024-35741
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.87%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:41
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.

Action-Not Available
Vendor-getawesomesupportAwesome Support Team
Product-awesome_supportAwesome Support
CWE ID-CWE-862
Missing Authorization
CVE-2024-35720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.74%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:59
Updated-25 Sep, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.

Action-Not Available
Vendor-A WP Life
Product-album_galleryAlbum Gallery – WordPress Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-43136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.37%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-04 Apr, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-862
Missing Authorization
CVE-2024-35729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:44
Updated-09 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.

Action-Not Available
Vendor-tickeraTickeratickera
Product-tickeraTickeratickera
CWE ID-CWE-862
Missing Authorization
CVE-2024-43928
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 54.72%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.

Action-Not Available
Vendor-eyecixeyecix
Product-jobsearch_wp_job_boardJobSearch
CWE ID-CWE-862
Missing Authorization
CVE-2024-35721
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.74%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:57
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.

Action-Not Available
Vendor-A WP Life
Product-image_galleryImage Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-35727
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.73%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:45
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.

Action-Not Available
Vendor-actproactpro
Product-extra_product_options_for_woocommerceExtra Product Options for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-43332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.

Action-Not Available
Vendor-meowappsJordy Meow
Product-photo_enginePhoto Engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-43293
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.

Action-Not Available
Vendor-wpzoomWPZOOM
Product-recipe_card_blocks_for_gutenberg_\&_elementorRecipe Card Blocks for Gutenberg & Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-43247
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.71%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:14
Updated-19 Aug, 2024 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability

Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.

Action-Not Available
Vendor-creativeoncreativeon
Product-WHMpresswhmpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-43297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.22%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.

Action-Not Available
Vendor-backupblissMigrate
Product-cloneClone
CWE ID-CWE-862
Missing Authorization
CVE-2024-33595
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 65.04%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 09:16
Updated-03 Feb, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Theme
Product-master_addonsMaster Addons for Elementor
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found