Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-12712

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-08 Jan, 2025 | 09:18
Updated At-08 Jan, 2025 | 13:57
Rejected At-
Credits

Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:08 Jan, 2025 | 09:18
Updated At:08 Jan, 2025 | 13:57
Rejected At:
▼CVE Numbering Authority (CNA)
Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.

Affected Products
Vendor
levelfourstorefront
Product
Shopping Cart & eCommerce Store
Default Status
unaffected
Versions
Affected
  • From * through 5.7.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lucio Sá
Timeline
EventDate
Disclosed2025-01-07 21:10:58
Event: Disclosed
Date: 2025-01-07 21:10:58
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cve
N/A
https://plugins.trac.wordpress.org/changeset/3211285/wp-easycart/trunk/wpeasycart.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3211285/wp-easycart/trunk/wpeasycart.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:08 Jan, 2025 | 10:15
Updated At:08 Jan, 2025 | 10:15

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset/3211285/wp-easycart/trunk/wpeasycart.phpsecurity@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cvesecurity@wordfence.com
N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3211285/wp-easycart/trunk/wpeasycart.php
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/28a3f382-3801-4e98-9004-56c27a85f0a2?source=cve
Source: security@wordfence.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

650Records found
CVE-2024-10393
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.49%
||
7 Day CHG-0.00%
Published-21 Nov, 2024 | 06:49
Updated-23 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration

The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solutiontutor_lms
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2024-0516
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.10%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-08 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.

Action-Not Available
Vendor-Royal Elementor Addons
Product-royal_elementor_addonsRoyal Elementor Addons and Templates
CWE ID-CWE-862
Missing Authorization
CVE-2024-1044
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-11 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.

Action-Not Available
Vendor-cusrevivolecusrev
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommercecustomer_reviews_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-0619
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.49%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 03:33
Updated-01 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback() function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders, which can potentially lead to revenue loss.

Action-Not Available
Vendor-payflextomlistertomlister
Product-payment_gatewayPayflex Payment Gatewaypayflex_payment_gateway
CWE ID-CWE-862
Missing Authorization
CVE-2024-37255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.75%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-11 Apr, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4.

Action-Not Available
Vendor-wpmetWpmetwpmet
Product-elements_kit_elementor_addonsElements kit Elementor addonselements_kit_elementor_addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-37123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 33.44%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.

Action-Not Available
Vendor-VowelWebvowelweb
Product-Ibtanaibtana
CWE ID-CWE-862
Missing Authorization
CVE-2024-0377
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-4.16% / 88.43%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:27
Updated-23 Jan, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.

Action-Not Available
Vendor-lifterlmschrisbadgett
Product-lifterlmsLifterLMS – WordPress LMS Plugin for eLearning
CWE ID-CWE-862
Missing Authorization
CVE-2024-37427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.58%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.

Action-Not Available
Vendor-Arrayticsarraytics
Product-Timeticstimetics
CWE ID-CWE-862
Missing Authorization
CVE-2022-24594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.79%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 11:31
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

Action-Not Available
Vendor-walinen/a
Product-walinen/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-37276
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.86%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.

Action-Not Available
Vendor-fifu.appfifu
Product-Featured Image from URLfeatured_image_from_url
CWE ID-CWE-862
Missing Authorization
CVE-2023-6637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-daandaanvandenbergh
Product-complete_analytics_optimization_suiteCAOS | Host Google Analytics Locally
CWE ID-CWE-862
Missing Authorization
CVE-2023-6955
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.03% / 9.62%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 13:56
Updated-17 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in GitLab

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2023-6638
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:33
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-gutengeekgutengeek
Product-gg_woo_feedGG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels
CWE ID-CWE-862
Missing Authorization
CVE-2024-37220
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 38.99%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.

Action-Not Available
Vendor-OptinlyHQoptinly
Product-Optinlyoptinly
CWE ID-CWE-862
Missing Authorization
CVE-2025-57957
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:24
Updated-24 Sep, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooMS Plugin <= 9.12 - Broken Access Control Vulnerability

Missing Authorization vulnerability in wpcraft WooMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooMS: from n/a through 9.12.

Action-Not Available
Vendor-wpcraft
Product-WooMS
CWE ID-CWE-862
Missing Authorization
CVE-2024-0237
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 15:56
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc

Action-Not Available
Vendor-myeventonUnknown
Product-eventonEventON PremiumEventON
CWE ID-CWE-862
Missing Authorization
CVE-2025-58603
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG+0.01%
Published-03 Sep, 2025 | 14:36
Updated-04 Sep, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.

Action-Not Available
Vendor-Surfer
Product-Surfer
CWE ID-CWE-862
Missing Authorization
CVE-2023-6855
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.81%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices.

Action-Not Available
Vendor-strangerstudiosstrangerstudios
Product-paid_memberships_proPaid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions
CWE ID-CWE-862
Missing Authorization
CVE-2024-35748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:41
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.

Action-Not Available
Vendor-opmcOPMC
Product-woocommerce_dropshippingWooCommerce Dropshipping
CWE ID-CWE-862
Missing Authorization
CVE-2024-35685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:46
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.

Action-Not Available
Vendor-Anders Norénanders_noren
Product-Radcliffe 2radcliffe_2
CWE ID-CWE-862
Missing Authorization
CVE-2025-58919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 08:31
Updated-29 Sep, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4.

Action-Not Available
Vendor-guihom
Product-Wide Banner
CWE ID-CWE-862
Missing Authorization
CVE-2024-35683
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.56%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:39
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1.

Action-Not Available
Vendor-Teplitsa of social technologies
Product-Leyka
CWE ID-CWE-862
Missing Authorization
CVE-2022-2461
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-22.48% / 95.70%
||
7 Day CHG+9.22%
Published-06 Sep, 2022 | 17:18
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Action-Not Available
Vendor-transposhoferwald
Product-transposh_wordpress_translationTransposh WordPress Translation
CWE ID-CWE-862
Missing Authorization
CVE-2025-57921
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 18:25
Updated-23 Sep, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Frontend File Manager Plugin <= 23.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in N-Media Frontend File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through 23.2.

Action-Not Available
Vendor-N-Media
Product-Frontend File Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-35667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 38.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:09
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

Action-Not Available
Vendor-WP EasyCart
Product-WP EasyCart
CWE ID-CWE-862
Missing Authorization
CVE-2024-35661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:33
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.

Action-Not Available
Vendor-softlabbdSoftLab
Product-upload_fields_for_wpformsUpload Fields for WPForms
CWE ID-CWE-862
Missing Authorization
CVE-2023-5533
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-12 May, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.

Action-Not Available
Vendor-quantumcloudquantumcloud
Product-wpbotAI ChatBot
CWE ID-CWE-862
Missing Authorization
CVE-2025-57896
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-22 Aug, 2025 | 12:00
Updated-22 Aug, 2025 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability

Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.

Action-Not Available
Vendor-andy_moyle
Product-Church Admin
CWE ID-CWE-862
Missing Authorization
CVE-2024-3599
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.81%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-10 Jul, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-wpekawpeka-club
Product-wp_cookie_consentWP Cookie Consent ( for GDPR, CCPA & ePrivacy )
CWE ID-CWE-862
Missing Authorization
CVE-2024-34753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.65%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:01
Updated-07 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.

Action-Not Available
Vendor-softlabbdSoftLabsoftlab
Product-radio_playerRadio Playerradio_player
CWE ID-CWE-862
Missing Authorization
CVE-2024-34821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.79%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:03
Updated-07 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.

Action-Not Available
Vendor-contactlistproContact List PROtammersoft
Product-contact_listContact List – Easy Business Directory, Staff Directory and Address Book Plugincontact_list
CWE ID-CWE-862
Missing Authorization
CVE-2024-34819
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.70%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:10
Updated-09 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.

Action-Not Available
Vendor-moreconvertMoreConvertmoreconvert
Product-woocommerce_wishlistMC Woocommerce Wishlistwoocommerce_wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2023-5611
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.92%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 16:22
Updated-16 Jan, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

Action-Not Available
Vendor-s-solsUnknown
Product-seraphinite_acceleratorSeraphinite Accelerator
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-34763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.29%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:57
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-862
Missing Authorization
CVE-2024-34442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.70%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:34
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weDocswedocs
CWE ID-CWE-862
Missing Authorization
CVE-2024-34813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:38
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.

Action-Not Available
Vendor-MoreConvert
Product-MC Woocommerce Wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2024-34802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:35
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.

Action-Not Available
Vendor-WP FOXLY
Product-adfoxlyAdFoxly – Ad Manager, AdSense Ads & Ads.txtadfoxly
CWE ID-CWE-862
Missing Authorization
CVE-2024-34822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.70%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:26
Updated-07 Aug, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wemailweMail
CWE ID-CWE-862
Missing Authorization
CVE-2024-35174
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.29%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 10:18
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.

Action-Not Available
Vendor-Flothemesflothemes
Product-Flo Formsflo_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-32820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.12%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:35
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2.

Action-Not Available
Vendor-Social Share Prosocialshare
Product-Social Share Icons & Social Share Buttonssocial_share_icons_\&_social_share_buttons
CWE ID-CWE-862
Missing Authorization
CVE-2024-32826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.86%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 11:09
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.

Action-Not Available
Vendor-Vektor,Inc.
Product-VK Block Patterns
CWE ID-CWE-862
Missing Authorization
CVE-2024-32798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.98%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:51
Updated-10 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

Action-Not Available
Vendor-wptravelengineWP Travel Enginewptravelengine
Product-wp_travel_engineWP Travel Enginewp_travel_engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-32792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.95%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:57
Updated-29 May, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-33929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 22.63%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:21
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.

Action-Not Available
Vendor-wpWaxWordPress.org
Product-Directoristdirectorist
CWE ID-CWE-862
Missing Authorization
CVE-2023-51377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:45
Updated-07 Aug, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.

Action-Not Available
Vendor-wpeverestWPEverest
Product-everest_formsEverest Forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-33908
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 38.99%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 19:15
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit
CWE ID-CWE-862
Missing Authorization
CVE-2023-51496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:40
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Warranty Requestsreturns_and_warranty_requests
CWE ID-CWE-862
Missing Authorization
CVE-2023-52186
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.67%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:23
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.

Action-Not Available
Vendor-WooCommerce
Product-product_vendorsWooCommerce Product Vendors
CWE ID-CWE-862
Missing Authorization
CVE-2024-3213
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.58%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 18:59
Updated-04 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.

Action-Not Available
Vendor-relevanssiRelevanssimsaarirelevanssi
Product-relevanssiRelevanssi – A Better Search (Pro)Relevanssi – A Better Searchrelevanssi
CWE ID-CWE-862
Missing Authorization
CVE-2024-32684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 36.86%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 10:38
Updated-09 Feb, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found