Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-1710

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-24 Feb, 2024 | 09:38
Updated At-22 Apr, 2025 | 16:14
Rejected At-
Credits

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:24 Feb, 2024 | 09:38
Updated At:22 Apr, 2025 | 16:14
Rejected At:
▼CVE Numbering Authority (CNA)

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.

Affected Products
Vendor
unitecms
Product
Addon Library
Default Status
unaffected
Versions
Affected
  • From * through 1.3.76 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-862 Missing Authorization
Type: N/A
CWE ID: N/A
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lucio Sá
Timeline
EventDate
Disclosed2024-02-23 00:00:00
Event: Disclosed
Date: 2024-02-23 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
N/A
https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
unitecms
Product
addon_library
CPEs
  • cpe:2.3:a:unitecms:addon_library:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 1.3.76 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
x_transferred
https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:26 Feb, 2024 | 16:27
Updated At:27 Feb, 2025 | 22:03

The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
unlimited-elements
unlimited-elements
>>addon_library>>Versions up to 1.3.76(inclusive)
cpe:2.3:a:unlimited-elements:addon_library:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Secondarynvd@nist.gov
CWE ID: CWE-862
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cvesecurity@wordfence.com
Third Party Advisory
https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39af854a3a-2127-422b-91ae-364da2661108
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

537Records found
CVE-2024-35674
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.38% / 58.74%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 16:19
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elementsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-862
Missing Authorization
CVE-2023-31080
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.39% / 59.50%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:27
Updated-11 Oct, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates).This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.65.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-862
Missing Authorization
CVE-2024-4779
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.88%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 09:32
Updated-30 Jan, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements for Elementor <= 1.5.107 - Authenticated (Contributor+) SQL Injection via data[post_ids][0]

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to SQL Injection via the ‘data[post_ids][0]’ parameter in all versions up to, and including, 1.5.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-unlimited-elementsunitecms
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6743
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-5.83% / 90.33%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 04:30
Updated-30 Jan, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.

Action-Not Available
Vendor-unlimited-elementsunitecmsunitecms
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-3055
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.32%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 21:32
Updated-30 Jan, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-unlimited-elementsunitecmsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-31090
Matching Score-8
Assigner-Patchstack
ShareView Details
Matching Score-8
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 54.07%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:45
Updated-05 Feb, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Unlimited Elements For Elementor plugin <= 1.5.60 - Unrestricted Zip Extraction vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.60.

Action-Not Available
Vendor-unlimited-elementsUnlimited Elementsunlimited-elements
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-14476
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.10% / 26.92%
||
7 Day CHG~0.00%
Published-13 Dec, 2025 | 04:31
Updated-15 Dec, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Doubly <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary code, delete files, retrieve sensitive data, or perform other actions depending on the available gadgets. This is only exploitable by subscribers, when administrators have explicitly enabled that access.

Action-Not Available
Vendor-unitecms
Product-Doubly – Cross Domain Copy Paste for WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-3295
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-4.65% / 89.05%
||
7 Day CHG~0.00%
Published-17 Jun, 2023 | 01:48
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 . This makes it possible for authenticated attackers, with contributor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The issue was partially patched in version 1.5.66 and fully patched in 1.5.67. CVE-2023-31231 appears to be a duplicate of this issue.

Action-Not Available
Vendor-unlimited-elementsunitecms
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-6166
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.92% / 75.49%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 04:32
Updated-01 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘addons_order’ parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-unlimited-elementsunitecmsunlimited-elements
Product-unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)Unlimited Elements For Elementor (Free Widgets, Addons, Templates)unlimited_elements_for_elementor_\(free_widgets\,_addons\,_templates\)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6315
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-6.95% / 91.23%
||
7 Day CHG~0.00%
Published-06 Aug, 2024 | 01:49
Updated-06 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Action-Not Available
Vendor-unitecmsunitecms
Product-Blox Page Builderblox_page_builder
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-5329
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.90%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 09:34
Updated-14 Oct, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.109 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to blind SQL Injection via the ‘data[addonID]’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-unlimited-elementsunitecms
Product-unlimited_elements_for_elementorUnlimited Elements For Elementor (Free Widgets, Addons, Templates)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4974
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 35.86%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-16 Oct, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-meepluginsclosemarketing/thecodechimetobias_conrad/themeythemessangaranwebmuehlepluginswarekhothemescodexonicswpmagicsvinod-dalvilimbcodeco2okpootlepressalexmossvanyukovstreamweaselsgowebsmartyrebelcodewpcohort/daigo75kylegilmanzerozendesignwpjoliwebba-agencylkoudalversacompsyntacticsbavokoservicesgetsparrowscrollsequencemdedevjburleigh1oceanwpattestcromer12tickeraupfivjcodexbycrikmoomooagencyiksstudiolynn999wp-makingblackandwhitedigitalxplodedthemesthijzietripettokitforestskshaikatmatthias-reuterwpsoulusmanaliqureshidangub86atakanozwebheadllcmunirkamalolezhyk5wptravelenginemattpramschuferbilaltasjanwylfrostbournwpchillldninjas/gkher/chetmacdudowpschoolcalendarcodeatlanticgaloovercommercepunditinvisnetwpscriptsmikebelstonyzeolijurskiedgegallerypluginpippozanardoprelcshawoninfomvvapps/mbrown24takanakuiuriahs-victorblockypagejkohlbachcollizo4skykitthemescypressnorthboriscolombier/woodyhaydayjwindbfintalpassionatebrainsdjenhjanthielemannmhmrajibcarlosmoreiraptrisethemevincoitdreamfoxwebtechstreetvohotv/ronena100tropicalistabradvinwpmunichgreenjaymediagiladtakonithemestylivemeshrafacarvalhidoalekvbenmoreassynthqthemesindyakinsergeimarcqueraltahmed17annastaaivacypluginandplaymaxsdesignwordpresschefkartikparmarseezeemilukove/themelocationrafalosinskisebetgloriousthemesbpluginswordpluselliotvsprinceahmedxjohnyktheafricanboss/maurolopes/cleverpluginswalkerwpwgaugediviframeworksonalsinha21therealwebdisruptclosemarketingwpgeniuzhumblethemesalex-yesebet/smartwpressweconnectcodemohsinofflineultradevsjack-kitterhingbestpluginswordpressw3scloudtobias_conradmumarym1985surbmainterfacelabseancarricoalleythemesmte90kokomowebwpcohortsamdanibeeneebmelapresswoopopsdrosendosjavedmajicktauhidproinfosatechthemeseiparetodigitalprotectyouruploadsdanielealessandramnelson4tribalnerdtprintyedisonavedavidandersonwpmoosezeethemerenaudbodappexpertsioplugins360maltathemeslostboy7patrickposnercebbicyberhoboanfrageformularhiddenpearlsdaniyalahmedkjosevegawpconedevivan_paulindipcodevernal9brada6modulemastersrankbearpremmerceflexithemescmbibby/ibenicwpvibeswpeka-clubwptbdotswpbitsandyabelowkaggdesigntycoon12344samuelsilvaptwhiteshadowcloudlivingejslondon/akdevsinfornwebmihail-barinovcodeiesultimateblocksunitecmspatrickgarmanwphrmanagersslzenswitcorpivanchernyakovpowerfulwppootlepress/wpdeveranssilaitilalukeseagerjetixwptheafricanbossbadhonrockspasyukdeothemesfoxmoonshabtimasterblockswpenginecodesavorywpdeliciousessekiawpexpertsiotoddhalfpennyskymindsdovypkenanfallonmulticollabstarfishwpsakurapixelmajick/dejanmarkovicwiserstepsshamim51litonice13tranzlyankitmaruchillichalliavidthemes/frenifyjwebsoldotrexactuaryzaskjavmahstylingwebbenkkikuchi1220intoxstudioslidedeckmuhammad-rehmanpagupbandidosmusman98gfiremjamesparkninjasovstacksvenl77thinleekeedeestaxwpwpt00lskartechifysslatlassvovafmberdingsmgteamethereumicoiocloudspongejohnc1979penguininitiativesoloyede-jamiulistplusmohammedrezqsetkapmbaldha/peterschulznlirkanuelementinvadersalttechnodivisumoinputwpbrandonfireanasbinmukimwupomeowcrewdvizheniamcurlymantrabraindanish-alimikewire_rocksolidwppluginexpertsarabianmidomarviorochamilukovenicheaddonskaizencodersgallerycreatorjaydeep-nimavatspartacprasadkirpekardgwyerequalizedigitalxyulexpagebuildersandwichboltonstudioskartikparmar/oceasninjalibsh3technologiescliffpaulickhalmatkrspmaciejbak85milmorsj_oaharonyanwpdevpowerspmbaldhafullworksfastaf/elbisneroblockmeistermojofywpfsruslanimtiazrayhanglowlogixstevehentypopeatingclickervoltbouncingsproutpaulio21buttonizerstevejburgeaguilerasoftalanfullerdarellshelob9matstarssnazzythemesnpluginsggeddedam6plalphabposervice5starpluginswpeventpartners/linekalkairarichard-bggriessercreativethemeshqblockspareroyalnavneetnasirahmeddamian-goracadudecastroalvesnitin247proteusthemesekanathRoyal Elementor AddonsBdThemesThe Events Calendar (StellarWP)Themeisle
Product-Panorama Viewer- Best Plugin to Display Panoramic Images/VideosWooCommerce Variation Swatches for ProductsEasy Post Views CountWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerOcean ExtraCodeKit – Custom Codes EditorForm Vibes – Database Manager for FormsGFireM Advance SearchSTEWoo – Super Transactional Emails for WooCommerceBlockMeister – Block Pattern BuilderWordPress Directory Plugin For Business Listings – WP Local PlusAirpressWP Sessions Time Monitoring Full AutomaticEmails Blacklist for Everest FormsSmart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – ButtonizerExpire tagsXT Ajax Add To Cart for WooCommerceBefore and After Product Images for WooCommerceVillarWP Search FilterFunnelmentalsFrontend group restriction for LearnDashSEO BoosterTeam Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MorePro Broken Links MaintainerPremmerce Product Filter for WooCommerceDancePress (TRWA)Walker CoreBAVOKO SEO Tools – All-in-One WordPress SEOWP Security Safejav&#039;s – WooCommerce and Trello integration WooTrelloWP School CalendarBooking Addon for WooCommerceStation ProProduct Carousel For WooCommerce – WoorouSellCartPops – High Converting Add To Cart Popup For WooCommerceGiveaways for woocommerceBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesGreenshift – animation and page builder blocksAtlas – Knowledge BaseWP GratifyBetter Messages – Integration for WC Vendors MarketplaceBlocksy CompanionQyrr – simply and modern QR-Code creationannasta Woocommerce Product FiltersWP Tools Gravity Forms Divi ModuleTablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, GravityClimateClick: Climate Action for allA no-code page builder for beautiful performance-based contentArendelleMarket ExporterConnected SermonsLightbox & Modal Popup WordPress Plugin – FooBoxStarfish Review Generation & Marketing for WordPressWooCommerce Disable Payment Methods based on cart conditionsSticky add to cart for WooPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderSecurity Ninja – Secure Firewall & Secure Malware ScannerPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextEasy Age VerifyNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarPremmerce Variation Swatches for WooCommerceProduct Size Charts Plugin for WooCommercePost Carousel DiviAge Verification Screen for WooCommerceSuper Video Player- Best WordPress Video Display Plugin for mp4/OGGSimple Giveaways – Grow your business, email lists and traffic with contestsHQTheme ExtraGlossaryAutomizy Gravity FormsExtend Filter Products By Price WidgetOrder and Inventory Manager for WooCommerceAdvanced Database ReplacerStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsLivemesh Addons for Beaver BuilderAbeta Link PunchOutMaster Blocks – Gutenberg Site BuilderPremmerce Permalink Manager for WooCommerceShipping Method Display Style for WooCommerceSpanish Market Enhancements for WooCommerceFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Restaurant & Cafe Addon for ElementorPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)WordPress Slider Block GutensliderWP Lead StreamAquarella LiteReally Simple Featured Video – Featured video support for Posts, Pages & WooCommerce ProductsVidSEO | WordPress Video SEO embedder with transcripts (Youtube & Vimeo)WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…Multi Page Auto Advance for Gravity FormsTreePress – Easy Family Trees & Ancestor ProfilesCookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)3D Viewer – 3D Model Viewer PluginPurusDisplay Eventbrite EventsMedia Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsWP Event Partners – WordPress Plugin for Event and Conference ManagementFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLPortfolio for Elementor & Image Gallery | PowerFolioWidgets for WooCommerce Products on ElementorStoreCustomizer – A plugin to Customize all WooCommerce PagesEmail Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)Custom WooCommerce Checkout Fields EditorEqualize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility ErrorsSalon Booking SystemWooCommerce EU VAT AssistantThe Events CalendarBulk Attachment DownloadListPlus – Unlimited Listing DirectoryMenu Item SchedulerWP Photo EffectsWordPress Reviews by ReviewPressAuto SEO META keywords (META tags keywords) optimization + WooCommerceJoli Table Of ContentsOne Click LoginEmail Header FooterBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Woocommerce Customers Order HistoryImage Photo Gallery Final Tiles GridNitek Carousel Slider Cool TransitionsEasy Zillow ReviewsStreamCast – Radio Player for WordPressXT Variation Swatches for WooCommerceMenu Image, Icons made easyCryptocurrency Portfolio TrackerWS BootstrapWP Mobile Menu – The Mobile-Friendly Responsive MenuFast Checkout for WooCommerceSmart Variations Images & Swatches for WooCommerceMailChimp ManagerWp My Admin BarDeals of the Day WooCommerceHasiumResponsive Social Slider WidgetPage Builder Gutenberg Blocks – Kioken BlocksPage Builder Sandwich – Front End WordPress Page Builder PluginLivemesh SiteOrigin WidgetsViralikeCustom Registration and Custom Login Forms with New RecaptchaBattle Suit for DiviJDs PortfolioSV Proven ExpertVO Store Locator – WP Store Locator PluginReset Course Progress For LearnDashFront End PMRecurWP – WordPress Recurly Payment GatewayGlorious Services & SupportShubanIvory Search – WordPress Search PluginServer InfoBlog Sidebar WidgetAgy – Age verification for WooCommerceGoogle Analytics plugin for WordPress by GA4WPWP EasyPay – Square for WordPressWP Munich Blocks – Gutenberg Blocks for WordPressPremmerce Wishlist for WooCommerceNokkeBroadcast LiteWP Conference ScheduleEasy Newsletter SignupsAlley Business ToolkitReplyable – Subscribe to Comments and Reply by EmailNumber ChatCountry Based Payments for WooCommerceWebinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnitionSchema Plugin For Divi, Gutenberg & ShortcodesPower Ups for ElementorWordPress Everse Starter Sites – Elementor TemplatesContact Form 7 Multi-Step FormsAccept Stripe Donation and Payments – AidWPInternal Link Juicer: SEO Auto Linker for WordPressWoo UkrposhtaPage Builder for Gutenberg – StarterBlocksGet feedback from visitors – WP Feedback Suite PluginNEXUSBanner Management For WooCommerceScheduled Notification BarUltimate Blocks – WordPress Blocks PluginGenealogical Tree – WordPress Family TreeLearnMoreMaster Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & AnimationsProduct Author for WooCommerceLightbox – EverlightBox GalleryImpexium Single Sign OnLive TV Player – Worldwide Live TV Channels Player for WordPressPrice Bands for WooCommerceVit Website ReviewsRevolution for ElementorGloriousThemes Starter SitesWordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & RankingsGallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native galleryGo Fetch Jobs (for WP Job Manager)Geo MashupFive-Star Ratings ShortcodeActivity Log For MainWPContent Aware Sidebars – Fastest Widget Area PluginBaniInsert or Embed Articulate Content into WordPressRadio Station by netmix® – Manage and play your Show Schedule in WordPress!Anfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungTabs with Recommended Posts (Widget)Performance KitWP BugBotTag Groups is the Advanced Way to Display Your Taxonomy TermsRW Divi Unite GalleryWP Get PersonalAdvance Menu ManagerBulk WooCommerce Category CreatorWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)LawPress – Law Firm Website ManagementTinyMCE AnnotateElationElements for LifterLMSGFireM FieldsHooked Editable ContentConsultPress LiteFooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & CarouselCategorify – WordPress Media Library Category & File ManagerRestrict User Access – Ultimate Membership & Content ProtectionJustified GalleryLocal Delivery Drivers for WooCommerceStreamWeasels Twitch IntegrationFocus on Reviews for WooCommerceWP Frontend Admin – Display WP Admin Pages in the FrontendSimple Sitemap – Create a Responsive HTML SitemapOpenseaAdd Pinterest conversion tags for Pinterest Ads + Site verificationWordPress Coupon Plugin for Bloggers and Marketers – WP OffersCryptocurrency Product for WooCommerceFast WordPressExtra Fees Plugin for WooCommercePrint My Blog – Print, PDF, & eBook Converter WordPress PluginStreak CRM For Gmail For Contact Form 7 – WordPress PluginSpotlight Social Feeds – Block, Shortcode, and WidgetWP-HR Manager: The Human Resources Plugin for WordPressCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressDeMomentSomTres Grid ArchiveTarot Card OracleIntegrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress SiteWooCommerce Customers Table: View, Search, Bulk EditorChat Button- Leads and Order over ChatAll in One Invite CodesWP Meta and Date RemoverRating-Widget: Star Review SystemSurbma | GDPR Proof Cookie Consent & Notice BarEasy Code SnippetsComments Not Replied ToImage Carousel For DiviCuisine PalaceWP Radio – Worldwide Online Radio Stations Directory for WordPressElastaDivi CollageSparrow: Product Reviews and Ratings for WooCommerceSV Tracking ManagerUltra Elementor AddonsWooCommerce Next Order CouponWP Contact SliderLive Scores for SportsPressPast Events ExtensionTiered Pricing Table for WooCommerceAnyWhere ElementorWP Coupons and Deals – WordPress Coupon PluginSky Login RedirectWPTools Masonry Gallery & Posts For DiviNugget by Ingot: Easy, automated and native A/B testing for everyoneWP Post BlockEverseProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOFeatured Images in RSS for Mailchimp & MoreFiboSearch – Ajax Search for WooCommercePost Snippets – Custom WordPress Code Snippets CustomizerWP Smart Export (Free)Coinbase Commerce – Crypto Gateway for WooCommerceWP Dev Powers – Display Screen Dimensions to Admin PluginSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP fail2ban – Advanced Security PluginXT Floating Cart for WooCommerceAuthorize.Net Payment Gateway For WooCommerceDivi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7Multipurpose Gutenberg BlockFood Store – Online Food Delivery & PickupEthereumICOACF for WooCommerce ProductPremmerce Redirect ManagerDesign for Contact Form 7 Style WordPress Plugin – CF7 WOW StylerKVoucherSheetPress – Manage WordPress Meta data with Google SheetsLive Drag and Drop Builder for Contact Form 7Ultimate Widgets LightPodcast Box – Best Podcasting Plugin for WordPressBlocked in China | Check if your site is available in the Chinese mainlandWP Author BioWooCommerce upcoming ProductsPremmerce Brands for WooCommerceVideo Player for YouTubeDelete All Comments of wordpressDigital Goods for WooCommerce CheckoutBulk Edit Posts and Products in SpreadsheetMarijuana Age VerifyWordPress News Plugin – TopNewsWpPremmerce WooCommerce Customers ManagerCP Simple NewsletterWP Frontend ProfileEasy Smooth Scroll Links – Smooth Scrolling AnchorPremmerce SEO for WooCommerceLittleBot InvoicesFrontend Admin by DynamiAppsInbound BrewCheckout with Venmo on EDDUltimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square PluginBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Restrict – membership, site, content and user access restrictions for WordPressTK SmugMug Slideshow ShortcodeWP-Cron Status CheckerStrumenti Partita IVA per WoocommerceElementor Addons by LivemeshPrimary Addon for ElementorbbResolutionsNinja Libs Amazon SESWP SPID ItaliaMusic Player for Elementor – Audio Player & Podcast PlayerKnowledge Base documentation & wiki plugin – BasePress DocsModern Addons for Elementor Page BuilderBetter Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBossWP Group PromoterWidgets on PagesSpreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.SVG Flags – Beautiful Scalable Flags For All Countries!Anti-Spam by Fullworks : GDPR Compliant Spam ProtectionBulk Edit Categories and Tags – Create Thousands Quickly on the EditorDelete old Posts automaticallyPremmerceTop Bar – PopUps – by WPOptinLMS Plugin – eLearning, Online Courses by AttestPost to Google My Business (Google Business Profile)EthPress – Web3 LoginUnakitLicense Manager for WooCommerceSync eCommerce NEOTK Google Fonts GDPR CompliantWP Affiliate DisclosureBlockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding NeededSpeculorDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Ultimate Gutenberg – Custom Block TemplatesWidgets on Pages and PostsPayment gateway per Product for WooCommerceWP Notification BellConeBlog – Elementor Blog WidgetsWP Free SSL – Free SSL Certificate for WordPress and force HTTPSWP Table Builder – WordPress Table PluginMedia Library File DownloadEasy Social Feed – Social Photos Gallery – Post Feed – Like BoxCheckout with Zelle on WoocommerceWP EmailyUnlimited Elements For Elementor (Free Widgets, Addons, Templates)Frontend Admin – Add and edit posts, pages, users and more all from the frontendNicheBaseLimb Gallery | Create Beautiful Image & Video GalleriesRevivePress – Keep your Old Content EvergreenPixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and morePostcode RedirectW3SCloud Contact Form 7 to Zoho CRMShared Files – Frontend File Upload Form & Secure File SharingGrid & Styler For Contact Form 7 And DiviBlock, Suspend, Report for BuddyPressКнопка ЮMoneyChange Price Title for WooCommerceForceFieldHide Shipping Method For WooCommerceWordPress SEO ChecklistEvents Addon for ElementorSend Prebuilt EmailsWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+Appointment & Event Booking Calendar Plugin – Webba BookingDelete Duplicate PostsAlt ManagerJoli FAQ SEO – WordPress FAQ PluginChange Prices with Time for WooCommerceAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressKRSP Frontend File UploaderPay For Post with WooCommerceWooCommerce Bulk Edit Coupons – WP Sheet EditorPosts List Designer by Category – List Category Posts Or Recent PostsLocalSEOMapGFireM Action AfterBookPress – For Book AuthorsAdd Expires Headers & Optimized MinifyCoupon Affiliates – Affiliate Plugin for WooCommerceWP Activity LogDivi Content RestrictorCartoon UrlEvents Calendar RegistrationSecure IP LoginsShare This ImageDashy – Google Analytics advanced dashboardAmelaWordPress Dev Powers – ACF Color Coded Field Types PluginGutenberg Blocks – ACF Blocks SuiteScrollsequence – Cinematic Scroll Image Animation PluginPayment Gateway for PayFabricRankBearAwesome SSLFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)South Pole: Climate action nowPremmerce User RolesAdd Twitter Pixel for Twitter adsQuote for WooCommerce Lite – Add to Quote Plugin Lets Customers Request Custom Quotes for Products using the Request a Quote Plugin for WooCommerceAvailability datepicker – Integrate with Contact Form 7 and DiviWooCommerce PayPlugWPBITS Addons For Elementor Page BuilderWP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and EmailFullscreen MenuFuse Social Floating SidebarVideopackmyCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for GamificationBlock Styler For Gravity FormsPremmerce Wholesale Pricing for WooCommerceBook BuyBack PricesProduct Customer List for WooCommerceGift Message for WooCommerceEasy PrayerPremmerce Multi-currency for WoocommerceQuick Paypal PaymentsMigrate WordPress Website & Backups – Prime MoverIks Menu – WordPress Category Accordion Menu & FAQsContact List – Premium Staff Listing, Business Directory Plugin & Address BookWordPress form builder plugin for contact forms, surveys and quizzes – TripettoUltimeterEthereum WalletSurveyFunnel – Survey Plugin for WordPressClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.azw woocommerce file uploadsDeMomentSomTres AddressWordPress Persistent LoginDrop Shadow BoxesGenerate Images – Magic Post ThumbnailAdFoxly – Ad Manager, AdSense Ads & Ads.txtRemove Add to Cart WooCommerceDynamic Pricing and Discount Rules for WooCommerceRadio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPressWCC SEO Keyword ResearchFAQ Manager For Divi, Gutenberg Block & ShortcodeAny Popup – Popup Forms, Optins & AdsWadi SurveySlideDeck: Responsive WordPress Slider PluginDocument Viewer- Plugin to Display MS Office DocsXT Quick View for WooCommercePlace Order Without Payment for WooCommerceBetter SharingTeam Collaboration Plugin for WordPress Editorial teams- MulticollabWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareBetter Elementor AddonsQuick Event ManagerRun Contests, Raffles, and Giveaways with ContestsWPSKT Templates – 100% free Elementor & Gutenberg templatesDelivery for WooCommerceQuick Contact FormFAQ / Accordion / Docs – Helpie WordPress FAQ Accordion pluginRocket Maintenance Mode & Coming Soon PageEther and ERC20 tokens WooCommerce Payment GatewayWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationHM Multiple RolesUltimate Carousel For DiviAFI – The Easiest Integration PluginWP MooseFraud Prevention For WooCommerce and EDDBest Responsive Comparison Table for Gutenberg Editor – NicheTableAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Contact Widgets For Elementor all the contact links you need in one placeProtect Uploads with Login – Protect Your UploadsBulk Edit and Create User Profiles – WP Sheet EditorDa ReactionsMass Pages/Posts CreatorWholesale for WooCommerce — This Wholesale Plugin Helps B2B and B2C Businesses Streamline Wholesale Products, Pricing, and User Roles, Automating their WooCommerce Wholesale StoresQuick Affiliate StoreWordPress Animation Plugin – Animated EverythingWPBakery Page Builder Addons by LivemeshProduct Attachment for WooCommerceAnnouncement & Notification Banner – BulletinAll-in-One Video GallerySocial Gallery LiteRun time Image resizingWUPO Group Attributes for WooCommerceMapGeo – Interactive Geo MapsPinblocks — Gutenberg blocks with Pinterest widgetsDivi Torque Lite – Divi Theme and Extra ThemeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewSQL Reporting Services – SSRS Plugin for WordPressGet Directions MapCaxton – Create Pro page layouts in GutenbergAnt Admin Notices for TeamBetter Messages – WCFM IntegrationZip Code RedirectRedirection for Contact Form 7Custom Login Page CustomizerGet Better Reviews for WooCommerceNew User ApproveTurbo WidgetsMobile View for Responsive web design optimization (UX design) + Mobile Friendly TestThank You Page for WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortkk Star Ratings – Rate Post & Collect User FeedbacksLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridRaCar Clear Cart for WooCommerceDeMomentSomTres Media Tools AutoWordPress Google TranslateEasy Tiktok FeedModern Designs for Gravity FormsEasy Math Captcha for CF7Filr – Secure document libraryPreloader for DiviMeridiaWidget Detector for ElementorBrandAutomatic YouTube GalleryRest Routes – Custom Endpoints for WordPress REST APIPurosaYatri ToolsWoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo galleryWP Required Taxonomies – Categories and Tags MandatoryWordPress Books GalleryWP Disable SitemapAdd Linkedin insight tags for Linkedin adsProduct Image Watermark for WooFooter Plugin for DiviOverlay Image Divi ModuleDuplicate Variations for WoocommerceWooCommerce Google Analytics Integration By Advanced WC AnalyticsDrip Feed Content Extended for LearndashError Log MonitorBlog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer PackPremmerce Product Search for WooCommerceYASR – Yet Another Star Rating Plugin for WordPressMultisite Robots.txt ManagerInternal Linking for SEO traffic & Ranking – Auto internal links (100% automatic)Woo Admin Product NotesRoyal Elementor Addons and TemplatesSnazzyAdmin WP Admin ThemeSocial KitwGauge – Free VersionElementor Addon ElementsWooCommerce Country Catalogs – Product Country RestrictionsWordPress SEO Audit Plugin – WP Site AuditorWP Tools Divi Product CarouselAds.txt & App-ads.txt Manager for WordPressSimple SponsorshipsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceWP Page TemplatesGuest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front EditorWordPress WooCommerce Sync for Google SheetBooking Calendar | Appointment Booking | BookitFlat Rate Shipping Plugin For WooCommerceGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormWP Link BioWordPress Dev Powers – Element Selector jQuery Powers PluginFull Page Blog DesignerTwentyFourth WP ScraperBlock Slider – Responsive Image Slider, Video Slider & Post SliderEnhanced Ecommerce Google Analytics for WooCommerceWidget for Contact form 7Stackable – Page Builder Gutenberg BlocksSimple Feature Requests Free – User Feedback BoardBlockyPage – Gutenberg Based Page BuilderWP AutoMedicGallery PhotoBlocksContact Form 7 – Capsule CRM – IntegrationEvent Tickets and RegistrationEasy Settings for LearnDashWordPress Auto SEO Plugin – Upfiv SEO WizardWP Relevant AdsForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookUser Menus – Nav Menu VisibilityLittleBot ACH for Stripe + PlaidUnder ConstructionMaster Accordion ( Former WP Awesome FAQ Plugin )XT Points & Rewards for WooCommerceCF7 Constant Contact Fields MappingWP Data Access – WordPress App, Table and Form Builder pluginPassster – Password Protect Pages and ContentOut of stock display for woocommerceClean Social IconsCheckout with Cash App on EDDAutoSave NetSSL Certificate – Free SSL, HTTPS by SSL ZenGateway for PayLate on WooCommerceCourt Reservation – Manage Your Court Bookings OnlineAffiliate Link Builder Plugin for Amazon Associates – Review EngineAdvanced Custom Fields options import/exportRT Easy Builder – Advanced addons for ElementorThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedChoice Payment Gateway for WooCommerceURL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPressWooCommerce Shipping gateway per ProductWP Tools Divi Blog CarouselSimple Social Page Widget & ShortcodeUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterEducation Addon for ElementorAdvanced Classifieds & Directory ProCode ManagerHuCommerce | Magyar WooCommerce kiegészítésekFree Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC BookingFeedpress Generator – External RSS Frontend CustomizerSTAX Header BuilderWP Google Street View (with 360° virtual tour) & Google maps + Local SEOUltimate Divi Modules Suite – Divi Sumo LiteWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFIT: Featured Image ToolkitConversion de moneda WoocommerceWP Adminify – Custom WordPress Dashboard, Login and Admin CustomizerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersWooCommerce Bulk Edit Products – WP Sheet EditorWP SierraWordPress Gallery Plugin – Edge Photo GalleryPootle Pagebuilder – WordPress Page builderTickera – WordPress Event Ticketing
CWE ID-CWE-862
Missing Authorization
CVE-2021-1508
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 77.25%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2024-50455
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:03
Updated-07 Nov, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopressThe SEO Guys at SEOPress
Product-seopressSEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2021-1505
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 78.85%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:41
Updated-08 Nov, 2024 | 23:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Vulnerabilities

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-sd-wan_vmanagecatalyst_sd-wan_managerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-862
Missing Authorization
CVE-2024-49325
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.84%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 10:40
Updated-22 Oct, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability

Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions.

Action-Not Available
Vendor-wpdiscoverwpdiscover
Product-photo_gallery_builderPhoto Gallery Builder
CWE ID-CWE-862
Missing Authorization
CVE-2022-3911
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.01%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 21:49
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etc

Action-Not Available
Vendor-iubendaUnknown
Product-iubenda-cookie-law-solutioniubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2021-23014
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.53%
||
7 Day CHG~0.00%
Published-10 May, 2021 | 14:35
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_advanced_web_application_firewallbig-ip_application_security_managerBIG-IP ASM/Advanced WAF
CWE ID-CWE-862
Missing Authorization
CVE-2015-10140
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-50.29% / 97.76%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 13:20
Updated-09 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Action-Not Available
Vendor-connekthqUnknown
Product-ajax_load_moreAjax Load More
CWE ID-CWE-862
Missing Authorization
CVE-2022-40203
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:08
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-50456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.93%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:00
Updated-07 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopressThe SEO Guys at SEOPress
Product-seopressSEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-47314
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.72% / 71.99%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.8.

Action-Not Available
Vendor-sunshinephotocartWP Sunshine
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-862
Missing Authorization
CVE-2024-50417
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-08 Jan, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3.

Action-Not Available
Vendor-BoldThemes
Product-bold_page_builderBold Page Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-47362
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.60% / 68.79%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 21:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.

Action-Not Available
Vendor-wpchillWPChill
Product-strong_testimonialsStrong Testimonials
CWE ID-CWE-862
Missing Authorization
CVE-2024-45760
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.3||MEDIUM
EPSS-0.49% / 64.99%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 16:17
Updated-04 Feb, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell OpenManage Server Administrator
CWE ID-CWE-862
Missing Authorization
CVE-2026-25538
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.05% / 14.01%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 21:37
Updated-11 Feb, 2026 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26.

Action-Not Available
Vendor-devtrondevtron-labs
Product-devtrondevtron
CWE ID-CWE-862
Missing Authorization
CVE-2024-43296
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30.

Action-Not Available
Vendor-bpluginsbPlugins LLC
Product-html5_video_playerFlash & HTML5 Video
CWE ID-CWE-862
Missing Authorization
CVE-2024-43343
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12.

Action-Not Available
Vendor-etoilewebdesignEtoile Web Design
Product-order_trackingOrder Tracking
CWE ID-CWE-862
Missing Authorization
CVE-2024-4351
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-28.12% / 96.36%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-22 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain control of an existing administrator account.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms
CWE ID-CWE-862
Missing Authorization
CVE-2024-44006
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency multilingual allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.6.

Action-Not Available
Vendor-onthegosystemsOnTheGoSystems
Product-woocommerce_multilingual_\&_multicurrencyWooCommerce Multilingual & Multicurrency
CWE ID-CWE-862
Missing Authorization
CVE-2024-4352
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-23.34% / 95.82%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 09:32
Updated-22 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS Protutor_lms_pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-43118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 47.05%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-15 May, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-43932
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.81%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2.

Action-Not Available
Vendor-posimythPOSIMYTH
Product-the_plus_addons_for_elementorThe Plus Addons for Elementor Page Builder Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-43310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 59.46%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9.

Action-Not Available
Vendor-ukrsolutionUkrSolution
Product-print_labels_with_barcodesPrint Barcode Labels for your WooCommerce products/orders
CWE ID-CWE-862
Missing Authorization
CVE-2024-43925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14.

Action-Not Available
Vendor-Envira Gallery, LLC (Envira Gallery)
Product-envira_galleryEnvira Photo Gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-43355
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.94%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0.

Action-Not Available
Vendor-beardevBearDev
Product-joomsportJoomSport
CWE ID-CWE-862
Missing Authorization
CVE-2024-47317
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.57%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Quads Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads: from n/a through 2.0.84.

Action-Not Available
Vendor-wpquadsWP Quads
Product-adsAds by WPQuads – Adsense Ads, Banner Ads, Popup Ads
CWE ID-CWE-862
Missing Authorization
CVE-2024-48044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.40%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3.

Action-Not Available
Vendor-shortpixelShortPixel – Convert WebP/AVIF & Optimize Images
Product-image_optimizerShortPixel Image Optimizer
CWE ID-CWE-862
Missing Authorization
CVE-2024-48039
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15.

Action-Not Available
Vendor-cubewpCubeWP
Product-cubewpCubeWP – All-in-One Dynamic Content Framework
CWE ID-CWE-862
Missing Authorization
CVE-2022-3512
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 33.49%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:22
Updated-06 May, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warpWARP
CWE ID-CWE-862
Missing Authorization
CVE-2024-47318
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 61.02%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability

Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-pwa_for_wp_\&_ampPWA for WP & AMP
CWE ID-CWE-862
Missing Authorization
CVE-2024-47361
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.78%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPVibes Elementor Addon Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Addon Elements: from n/a through 1.13.6.

Action-Not Available
Vendor-webtechstreetWPVibes
Product-elementor_addon_elementsElementor Addon Elements
CWE ID-CWE-862
Missing Authorization
CVE-2026-24532
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-23 Jan, 2026 | 14:28
Updated-26 Jan, 2026 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SiteLock Security plugin <= 5.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.

Action-Not Available
Vendor-SiteLock
Product-SiteLock Security
CWE ID-CWE-862
Missing Authorization
CVE-2024-48045
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.32%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-19 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3.

Action-Not Available
Vendor-leevioLeevio
Product-happy_addons_for_elementorHappy Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2022-34344
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 43.08%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:13
Updated-23 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5.

Action-Not Available
Vendor-rymeraRymera Web Co
Product-wholesale_suiteWholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More
CWE ID-CWE-862
Missing Authorization
CVE-2024-38707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-24 Mar, 2025 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2026-23974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.

Action-Not Available
Vendor-uxper
Product-Golo
CWE ID-CWE-862
Missing Authorization
CVE-2026-24356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.17%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-26 Jan, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GetGenie plugin <= 4.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0.

Action-Not Available
Vendor-Roxnor
Product-GetGenie
CWE ID-CWE-862
Missing Authorization
CVE-2024-37232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.63% / 69.77%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability

Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5.

Action-Not Available
Vendor-Hercules Designtoddnestor
Product-Hercules Corehercules_core
CWE ID-CWE-862
Missing Authorization
CVE-2022-31595
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.40% / 60.43%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 18:45
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Financial Consolidation - version 1010,�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-adaptive_server_enterpriseSAP Financial Consolidation
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found