Missing Authorization vulnerability in istmoplugins GetBookingsWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GetBookingsWP: from n/a through 1.1.27.
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.
Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.
Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3.
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26.
Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.
Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.
Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2.
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.
Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14.
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.
Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.
Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.
Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15.
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.
Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.
Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.
Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3.
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.
Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.
SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.1.
Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.
Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1.
Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WHMpress: from n/a through 6.2-revision-5.
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.4.5.