Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-1809

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-02 May, 2024 | 16:52
Updated At-01 Aug, 2024 | 18:48
Rejected At-
Credits

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:02 May, 2024 | 16:52
Updated At:01 Aug, 2024 | 18:48
Rejected At:
▼CVE Numbering Authority (CNA)

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.

Affected Products
Vendor
hiddenpearls
Product
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
Default Status
unaffected
Versions
Affected
  • From * through 5.2.3 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-497 Exposure of System Data to an Unauthorized Control Sphere
Type: N/A
CWE ID: N/A
Description: CWE-497 Exposure of System Data to an Unauthorized Control Sphere
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lucio Sá
Timeline
EventDate
Disclosed2024-04-29 00:00:00
Event: Disclosed
Date: 2024-04-29 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
x_transferred
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:02 May, 2024 | 17:15
Updated At:05 Jun, 2025 | 20:21

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches
analytify
analytify
>>analytify_-_google_analytics_dashboard>>Versions before 5.2.4(exclusive)
cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=security@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cvesecurity@wordfence.com
Third Party Advisory
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=af854a3a-2127-422b-91ae-364da2661108
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3072410%40wp-analytify%2Ftrunk&old=3024819%40wp-analytify%2Ftrunk&sfp_email=&sfph_mail=
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

111Records found
CVE-2024-1584
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:51
Updated-05 Jun, 2025 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID.

Action-Not Available
Vendor-analytifyhiddenpearls
Product-analytify_-_google_analytics_dashboardAnalytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy)
CWE ID-CWE-862
Missing Authorization
CVE-2023-41695
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-3.5||LOW
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-05 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2023-47841
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.40%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:30
Updated-09 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.11%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-16 Oct, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-mihail-barinovslidedecklukeseagerupfivcypressnorthronena100jburleigh1tobias_conrad/sonalsinha21stylingwebbenhiddenpearlsmikewire_rocksolidprelcthemeseiinvisnetactuaryzaskversacompalanfullergalooverboltonstudioscadudecastroalvesclosemarketing/jamesparkninjaelementinvaderpmbaldha/zeethemecodeiesvinod-dalvialphabposervicetranzlysovstacklivemeshthijziewoopopsmarviorochafullworksekanathmulticollabwp-makingrafacarvalhidodejanmarkovicnitin247svenl77mumarym1985gloriousthemessmgteamsj_opluginswarewpschoolcalendarmeowcrewgowebsmartyggeddesmartwpressdotrexcebbidaniyalahmedkoceanwpmattpramschufercloudspongestevejburgemajick/alleythemesxyulexweconnectcodebilaltasbuttonizerlostboy7badhonrockswpdeverbenmoreassyntpagebuildersandwichblockypagedrosendoultimateblocksscrollsequencedgwyerbeeneebwpjolitonyzeolimeepluginsfrostbournrisethemeclickervolttheafricanboss/olezhyk5mohammedrezqdjenhdreamfoxrebelcodeblackandwhitedigitalseancarricomarcqueraltwpt00lsmdedevldninjas/tprintyedisonaveco2oksakurapixeldvizheniamnelson4kokomowebwpdeliciouselbisnerosebet/samuelsilvaptwpeventpartners/theafricanbossstevehentystreamweaselspaulio21tribalnerdpmbaldhamuhammad-rehmanmte90ankitmarusslatlasjohnc1979wordpresscheflimbcodeimtiazrayhanggriesserseezeeivan_paulinmikebelsattestkaggdesignparetodigitaltherealwebdisruptsurbmahumblethemesarabianmidokrspmcurlyibenicwpmagicsblockmeisterkitthemessvovafirkanumasterblocksfrenifynicheaddonswalkerwpwpmoosepremmercepootlepresswebtechstreetinterfacelabgetsparrowcommercepunditmhmrajibtropicalistaspartacsjaveddarellahmed17wiserstepslitonice13damian-goramatthias-reuterstaxwpthecodechimepluginandplaywupopippozanardohqthemekairaejslondon/unitecmskartikparmarcarlosmoreiraptatakanozbandidoproteusthemespopeatingbavokoservicesaharonyanjosevegaplugins360mojofywpdeothemesbrandonfirebpluginskartikparmar/syntacticstauhidproelliotvsjwindcliffpaulickwphrmanagerwpvibesmaltathemesalex-yesamdanialexmosspassionatebrainssslzenwpscriptsequalizedigitalkylegilmandam6plprotectyouruploadscodeatlanticjurskijcodexinputwptripettojkohlbachwpsoulgallerycreatorivacydanish-alikaizencoderschetmacpowerfulwplistpluswhiteshadowanasbinmukimtobias_conradshelob9ivanchernyakovmaurolopes/dovypsetkawpeka-clubroyalnavneettoddhalfpennywpgeniuzflexithemesstarfishwpskshaikatcollizo4skywebba-agencysnazzythemesavidthemes/pasyuktickerablocksparedanielealessandravincoitmilmorbradvinwebmuehlewordpluscromer12foxmooneedeethemestydotsmohsinofflineprasadkirpekarmbrown24switcorpgfiremalekvappexpertsiouriahs-victorwptravelengineboriscolombier/smusman98edgegallerypluginpenguininitiativesrichard-b5starpluginstakanakuimaciejbak85jack-kitterhingcleverpluginsmvvapps/pootlepress/annastaacmbibby/bestpluginswordpresspatrickposnercreativethemeshqmaxsdesignrafalosinskiwpdevpowersprinceahmedpagupninjalibsdudoxplodedthemeslkoudalkhothemesmilukove/infosatechrenaudbodwebheadllcwpcohortwpexpertsiobouncingsproutclosemarketingethereumicoiolinekaldivisumodipcodehalmatsindyakinsergeiwgaugewpengineessekiagiladtakonivernallynn999npluginsvohotv/janthielemannmunirkamalxjohnykjanwyljetixwpthemeythemescyberhobowppluginexpertsvanyukovwpmunichmantrabrainandyabelowpatrickgarmannasirahmedjwebsolshabtimoomooagencycloudlivingshawoninfoinfornwebtycoon12344salttechnowpbitskkikuchi1220modulemastersthinleekwpconedevwoodyhaydayanssilaitiladaigo75kitforestw3scloudpeterschulznlultradevsjavmahshamim51wpcohort/oloyede-jamiumelapresssebetaguilerasoft9brada6sangarananfrageformularskymindsmberdingrankbeargkher/wptbmatstarsjaydeep-nimavatkenanfallonusmanaliqureshiakdevschillichallimajickbycrikfastaf/themelocationglowlogixmilukoveh3technologiescodexonicsintoxstudiokartechifybfintalcodesavorygreenjaymediafsruslanoceasdangub86iksstudiowpchilldavidandersonzerozendesigndiviframeworkRoyal Elementor AddonsBdThemesThe Events Calendar (StellarWP)Themeisle
Product-Panorama Viewer- Best Plugin to Display Panoramic Images/VideosWooCommerce Variation Swatches for ProductsEasy Post Views CountWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerOcean ExtraCodeKit – Custom Codes EditorForm Vibes – Database Manager for FormsGFireM Advance SearchSTEWoo – Super Transactional Emails for WooCommerceBlockMeister – Block Pattern BuilderWordPress Directory Plugin For Business Listings – WP Local PlusAirpressWP Sessions Time Monitoring Full AutomaticEmails Blacklist for Everest FormsSmart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – ButtonizerExpire tagsXT Ajax Add To Cart for WooCommerceBefore and After Product Images for WooCommerceVillarWP Search FilterFunnelmentalsFrontend group restriction for LearnDashSEO BoosterTeam Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MorePro Broken Links MaintainerPremmerce Product Filter for WooCommerceDancePress (TRWA)Walker CoreBAVOKO SEO Tools – All-in-One WordPress SEOWP Security Safejav&#039;s – WooCommerce and Trello integration WooTrelloWP School CalendarBooking Addon for WooCommerceStation ProProduct Carousel For WooCommerce – WoorouSellCartPops – High Converting Add To Cart Popup For WooCommerceGiveaways for woocommerceBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesGreenshift – animation and page builder blocksAtlas – Knowledge BaseWP GratifyBetter Messages – Integration for WC Vendors MarketplaceBlocksy CompanionQyrr – simply and modern QR-Code creationannasta Woocommerce Product FiltersWP Tools Gravity Forms Divi ModuleTablesome – Form DB & Automation – WPForms, Contact Form 7, Elementor, Forminator, Fluent, GravityClimateClick: Climate Action for allA no-code page builder for beautiful performance-based contentArendelleMarket ExporterConnected SermonsLightbox & Modal Popup WordPress Plugin – FooBoxStarfish Review Generation & Marketing for WordPressWooCommerce Disable Payment Methods based on cart conditionsSticky add to cart for WooPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderSecurity Ninja – Secure Firewall & Secure Malware ScannerPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextEasy Age VerifyNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarPremmerce Variation Swatches for WooCommerceProduct Size Charts Plugin for WooCommercePost Carousel DiviAge Verification Screen for WooCommerceSuper Video Player- Best WordPress Video Display Plugin for mp4/OGGSimple Giveaways – Grow your business, email lists and traffic with contestsHQTheme ExtraGlossaryAutomizy Gravity FormsExtend Filter Products By Price WidgetOrder and Inventory Manager for WooCommerceAdvanced Database ReplacerStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsLivemesh Addons for Beaver BuilderAbeta Link PunchOutMaster Blocks – Gutenberg Site BuilderPremmerce Permalink Manager for WooCommerceShipping Method Display Style for WooCommerceSpanish Market Enhancements for WooCommerceFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Restaurant & Cafe Addon for ElementorPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)WordPress Slider Block GutensliderWP Lead StreamAquarella LiteReally Simple Featured Video – Featured video support for Posts, Pages & WooCommerce ProductsVidSEO | WordPress Video SEO embedder with transcripts (Youtube & Vimeo)WPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…Multi Page Auto Advance for Gravity FormsTreePress – Easy Family Trees & Ancestor ProfilesCookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy)3D Viewer – 3D Model Viewer PluginPurusDisplay Eventbrite EventsMedia Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsWP Event Partners – WordPress Plugin for Event and Conference ManagementFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLPortfolio for Elementor & Image Gallery | PowerFolioWidgets for WooCommerce Products on ElementorStoreCustomizer – A plugin to Customize all WooCommerce PagesEmail Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce)Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider)Custom WooCommerce Checkout Fields EditorEqualize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility ErrorsSalon Booking SystemWooCommerce EU VAT AssistantThe Events CalendarBulk Attachment DownloadListPlus – Unlimited Listing DirectoryMenu Item SchedulerWP Photo EffectsWordPress Reviews by ReviewPressAuto SEO META keywords (META tags keywords) optimization + WooCommerceJoli Table Of ContentsOne Click LoginEmail Header FooterBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Woocommerce Customers Order HistoryImage Photo Gallery Final Tiles GridNitek Carousel Slider Cool TransitionsEasy Zillow ReviewsStreamCast – Radio Player for WordPressXT Variation Swatches for WooCommerceMenu Image, Icons made easyCryptocurrency Portfolio TrackerWS BootstrapWP Mobile Menu – The Mobile-Friendly Responsive MenuFast Checkout for WooCommerceSmart Variations Images & Swatches for WooCommerceMailChimp ManagerWp My Admin BarDeals of the Day WooCommerceHasiumResponsive Social Slider WidgetPage Builder Gutenberg Blocks – Kioken BlocksPage Builder Sandwich – Front End WordPress Page Builder PluginLivemesh SiteOrigin WidgetsViralikeCustom Registration and Custom Login Forms with New RecaptchaBattle Suit for DiviJDs PortfolioSV Proven ExpertVO Store Locator – WP Store Locator PluginReset Course Progress For LearnDashFront End PMRecurWP – WordPress Recurly Payment GatewayGlorious Services & SupportShubanIvory Search – WordPress Search PluginServer InfoBlog Sidebar WidgetAgy – Age verification for WooCommerceGoogle Analytics plugin for WordPress by GA4WPWP EasyPay – Square for WordPressWP Munich Blocks – Gutenberg Blocks for WordPressPremmerce Wishlist for WooCommerceNokkeBroadcast LiteWP Conference ScheduleEasy Newsletter SignupsAlley Business ToolkitReplyable – Subscribe to Comments and Reply by EmailNumber ChatCountry Based Payments for WooCommerceWebinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnitionSchema Plugin For Divi, Gutenberg & ShortcodesPower Ups for ElementorWordPress Everse Starter Sites – Elementor TemplatesContact Form 7 Multi-Step FormsAccept Stripe Donation and Payments – AidWPInternal Link Juicer: SEO Auto Linker for WordPressWoo UkrposhtaPage Builder for Gutenberg – StarterBlocksGet feedback from visitors – WP Feedback Suite PluginNEXUSBanner Management For WooCommerceScheduled Notification BarUltimate Blocks – WordPress Blocks PluginGenealogical Tree – WordPress Family TreeLearnMoreMaster Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & AnimationsProduct Author for WooCommerceLightbox – EverlightBox GalleryImpexium Single Sign OnLive TV Player – Worldwide Live TV Channels Player for WordPressPrice Bands for WooCommerceVit Website ReviewsRevolution for ElementorGloriousThemes Starter SitesWordPress Robots.txt optimizer (+ XML Sitemap) – Boost SEO, Traffic & RankingsGallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native galleryGo Fetch Jobs (for WP Job Manager)Geo MashupFive-Star Ratings ShortcodeActivity Log For MainWPContent Aware Sidebars – Fastest Widget Area PluginBaniInsert or Embed Articulate Content into WordPressRadio Station by netmix® – Manage and play your Show Schedule in WordPress!Anfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungTabs with Recommended Posts (Widget)Performance KitWP BugBotTag Groups is the Advanced Way to Display Your Taxonomy TermsRW Divi Unite GalleryWP Get PersonalAdvance Menu ManagerBulk WooCommerce Category CreatorWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)LawPress – Law Firm Website ManagementTinyMCE AnnotateElationElements for LifterLMSGFireM FieldsHooked Editable ContentConsultPress LiteFooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & CarouselCategorify – WordPress Media Library Category & File ManagerRestrict User Access – Ultimate Membership & Content ProtectionJustified GalleryLocal Delivery Drivers for WooCommerceStreamWeasels Twitch IntegrationFocus on Reviews for WooCommerceWP Frontend Admin – Display WP Admin Pages in the FrontendSimple Sitemap – Create a Responsive HTML SitemapOpenseaAdd Pinterest conversion tags for Pinterest Ads + Site verificationWordPress Coupon Plugin for Bloggers and Marketers – WP OffersCryptocurrency Product for WooCommerceFast WordPressExtra Fees Plugin for WooCommercePrint My Blog – Print, PDF, & eBook Converter WordPress PluginStreak CRM For Gmail For Contact Form 7 – WordPress PluginSpotlight Social Feeds – Block, Shortcode, and WidgetWP-HR Manager: The Human Resources Plugin for WordPressCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressDeMomentSomTres Grid ArchiveTarot Card OracleIntegrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress SiteWooCommerce Customers Table: View, Search, Bulk EditorChat Button- Leads and Order over ChatAll in One Invite CodesWP Meta and Date RemoverRating-Widget: Star Review SystemSurbma | GDPR Proof Cookie Consent & Notice BarEasy Code SnippetsComments Not Replied ToImage Carousel For DiviCuisine PalaceWP Radio – Worldwide Online Radio Stations Directory for WordPressElastaDivi CollageSparrow: Product Reviews and Ratings for WooCommerceSV Tracking ManagerUltra Elementor AddonsWooCommerce Next Order CouponWP Contact SliderLive Scores for SportsPressPast Events ExtensionTiered Pricing Table for WooCommerceAnyWhere ElementorWP Coupons and Deals – WordPress Coupon PluginSky Login RedirectWPTools Masonry Gallery & Posts For DiviNugget by Ingot: Easy, automated and native A/B testing for everyoneWP Post BlockEverseProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOFeatured Images in RSS for Mailchimp & MoreFiboSearch – Ajax Search for WooCommercePost Snippets – Custom WordPress Code Snippets CustomizerWP Smart Export (Free)Coinbase Commerce – Crypto Gateway for WooCommerceWP Dev Powers – Display Screen Dimensions to Admin PluginSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP fail2ban – Advanced Security PluginXT Floating Cart for WooCommerceAuthorize.Net Payment Gateway For WooCommerceDivi Forms Styler – Gravity Forms, Fluent Forms & Contact Form 7Multipurpose Gutenberg BlockFood Store – Online Food Delivery & PickupEthereumICOACF for WooCommerce ProductPremmerce Redirect ManagerDesign for Contact Form 7 Style WordPress Plugin – CF7 WOW StylerKVoucherSheetPress – Manage WordPress Meta data with Google SheetsLive Drag and Drop Builder for Contact Form 7Ultimate Widgets LightPodcast Box – Best Podcasting Plugin for WordPressBlocked in China | Check if your site is available in the Chinese mainlandWP Author BioWooCommerce upcoming ProductsPremmerce Brands for WooCommerceVideo Player for YouTubeDelete All Comments of wordpressDigital Goods for WooCommerce CheckoutBulk Edit Posts and Products in SpreadsheetMarijuana Age VerifyWordPress News Plugin – TopNewsWpPremmerce WooCommerce Customers ManagerCP Simple NewsletterWP Frontend ProfileEasy Smooth Scroll Links – Smooth Scrolling AnchorPremmerce SEO for WooCommerceLittleBot InvoicesFrontend Admin by DynamiAppsInbound BrewCheckout with Venmo on EDDUltimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud)WC Shop Sync – Square Payment Gateway for WooCommerce, Inventory Sync Between Square and WooCommerce, Ultimate WooCommerce Square PluginBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Restrict – membership, site, content and user access restrictions for WordPressTK SmugMug Slideshow ShortcodeWP-Cron Status CheckerStrumenti Partita IVA per WoocommerceElementor Addons by LivemeshPrimary Addon for ElementorbbResolutionsNinja Libs Amazon SESWP SPID ItaliaMusic Player for Elementor – Audio Player & Podcast PlayerKnowledge Base documentation & wiki plugin – BasePress DocsModern Addons for Elementor Page BuilderBetter Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBossWP Group PromoterWidgets on PagesSpreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table.SVG Flags – Beautiful Scalable Flags For All Countries!Anti-Spam by Fullworks : GDPR Compliant Spam ProtectionBulk Edit Categories and Tags – Create Thousands Quickly on the EditorDelete old Posts automaticallyPremmerceTop Bar – PopUps – by WPOptinLMS Plugin – eLearning, Online Courses by AttestPost to Google My Business (Google Business Profile)EthPress – Web3 LoginUnakitLicense Manager for WooCommerceSync eCommerce NEOTK Google Fonts GDPR CompliantWP Affiliate DisclosureBlockspare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding NeededSpeculorDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Ultimate Gutenberg – Custom Block TemplatesWidgets on Pages and PostsPayment gateway per Product for WooCommerceWP Notification BellConeBlog – Elementor Blog WidgetsWP Free SSL – Free SSL Certificate for WordPress and force HTTPSWP Table Builder – WordPress Table PluginMedia Library File DownloadEasy Social Feed – Social Photos Gallery – Post Feed – Like BoxCheckout with Zelle on WoocommerceWP EmailyUnlimited Elements For Elementor (Free Widgets, Addons, Templates)Frontend Admin – Add and edit posts, pages, users and more all from the frontendNicheBaseLimb Gallery | Create Beautiful Image & Video GalleriesRevivePress – Keep your Old Content EvergreenPixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and morePostcode RedirectW3SCloud Contact Form 7 to Zoho CRMShared Files – Frontend File Upload Form & Secure File SharingGrid & Styler For Contact Form 7 And DiviBlock, Suspend, Report for BuddyPressКнопка ЮMoneyChange Price Title for WooCommerceForceFieldHide Shipping Method For WooCommerceWordPress SEO ChecklistEvents Addon for ElementorSend Prebuilt EmailsWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, Security+Appointment & Event Booking Calendar Plugin – Webba BookingDelete Duplicate PostsAlt ManagerJoli FAQ SEO – WordPress FAQ PluginChange Prices with Time for WooCommerceAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressKRSP Frontend File UploaderPay For Post with WooCommerceWooCommerce Bulk Edit Coupons – WP Sheet EditorPosts List Designer by Category – List Category Posts Or Recent PostsLocalSEOMapGFireM Action AfterBookPress – For Book AuthorsAdd Expires Headers & Optimized MinifyCoupon Affiliates – Affiliate Plugin for WooCommerceWP Activity LogDivi Content RestrictorCartoon UrlEvents Calendar RegistrationSecure IP LoginsShare This ImageDashy – Google Analytics advanced dashboardAmelaWordPress Dev Powers – ACF Color Coded Field Types PluginGutenberg Blocks – ACF Blocks SuiteScrollsequence – Cinematic Scroll Image Animation PluginPayment Gateway for PayFabricRankBearAwesome SSLFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)South Pole: Climate action nowPremmerce User RolesAdd Twitter Pixel for Twitter adsQuote for WooCommerce Lite – Add to Quote Plugin Lets Customers Request Custom Quotes for Products using the Request a Quote Plugin for WooCommerceAvailability datepicker – Integrate with Contact Form 7 and DiviWooCommerce PayPlugWPBITS Addons For Elementor Page BuilderWP SMS Plugin – WordPress SMS Two Factor Authentication – 2FA, Two Factor, OTP SMS and EmailFullscreen MenuFuse Social Floating SidebarVideopackmyCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for GamificationBlock Styler For Gravity FormsPremmerce Wholesale Pricing for WooCommerceBook BuyBack PricesProduct Customer List for WooCommerceGift Message for WooCommerceEasy PrayerPremmerce Multi-currency for WoocommerceQuick Paypal PaymentsMigrate WordPress Website & Backups – Prime MoverIks Menu – WordPress Category Accordion Menu & FAQsContact List – Premium Staff Listing, Business Directory Plugin & Address BookWordPress form builder plugin for contact forms, surveys and quizzes – TripettoUltimeterEthereum WalletSurveyFunnel – Survey Plugin for WordPressClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.azw woocommerce file uploadsDeMomentSomTres AddressWordPress Persistent LoginDrop Shadow BoxesGenerate Images – Magic Post ThumbnailAdFoxly – Ad Manager, AdSense Ads & Ads.txtRemove Add to Cart WooCommerceDynamic Pricing and Discount Rules for WooCommerceRadio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPressWCC SEO Keyword ResearchFAQ Manager For Divi, Gutenberg Block & ShortcodeAny Popup – Popup Forms, Optins & AdsWadi SurveySlideDeck: Responsive WordPress Slider PluginDocument Viewer- Plugin to Display MS Office DocsXT Quick View for WooCommercePlace Order Without Payment for WooCommerceBetter SharingTeam Collaboration Plugin for WordPress Editorial teams- MulticollabWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareBetter Elementor AddonsQuick Event ManagerRun Contests, Raffles, and Giveaways with ContestsWPSKT Templates – 100% free Elementor & Gutenberg templatesDelivery for WooCommerceQuick Contact FormFAQ / Accordion / Docs – Helpie WordPress FAQ Accordion pluginRocket Maintenance Mode & Coming Soon PageEther and ERC20 tokens WooCommerce Payment GatewayWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationHM Multiple RolesUltimate Carousel For DiviAFI – The Easiest Integration PluginWP MooseFraud Prevention For WooCommerce and EDDBest Responsive Comparison Table for Gutenberg Editor – NicheTableAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Contact Widgets For Elementor all the contact links you need in one placeProtect Uploads with Login – Protect Your UploadsBulk Edit and Create User Profiles – WP Sheet EditorDa ReactionsMass Pages/Posts CreatorWholesale for WooCommerce — This Wholesale Plugin Helps B2B and B2C Businesses Streamline Wholesale Products, Pricing, and User Roles, Automating their WooCommerce Wholesale StoresQuick Affiliate StoreWordPress Animation Plugin – Animated EverythingWPBakery Page Builder Addons by LivemeshProduct Attachment for WooCommerceAnnouncement & Notification Banner – BulletinAll-in-One Video GallerySocial Gallery LiteRun time Image resizingWUPO Group Attributes for WooCommerceMapGeo – Interactive Geo MapsPinblocks — Gutenberg blocks with Pinterest widgetsDivi Torque Lite – Divi Theme and Extra ThemeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewSQL Reporting Services – SSRS Plugin for WordPressGet Directions MapCaxton – Create Pro page layouts in GutenbergAnt Admin Notices for TeamBetter Messages – WCFM IntegrationZip Code RedirectRedirection for Contact Form 7Custom Login Page CustomizerGet Better Reviews for WooCommerceNew User ApproveTurbo WidgetsMobile View for Responsive web design optimization (UX design) + Mobile Friendly TestThank You Page for WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortkk Star Ratings – Rate Post & Collect User FeedbacksLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridRaCar Clear Cart for WooCommerceDeMomentSomTres Media Tools AutoWordPress Google TranslateEasy Tiktok FeedModern Designs for Gravity FormsEasy Math Captcha for CF7Filr – Secure document libraryPreloader for DiviMeridiaWidget Detector for ElementorBrandAutomatic YouTube GalleryRest Routes – Custom Endpoints for WordPress REST APIPurosaYatri ToolsWoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo galleryWP Required Taxonomies – Categories and Tags MandatoryWordPress Books GalleryWP Disable SitemapAdd Linkedin insight tags for Linkedin adsProduct Image Watermark for WooFooter Plugin for DiviOverlay Image Divi ModuleDuplicate Variations for WoocommerceWooCommerce Google Analytics Integration By Advanced WC AnalyticsDrip Feed Content Extended for LearndashError Log MonitorBlog Grid & Post Grid – Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry, Category Post Grid By News & Blog Designer PackPremmerce Product Search for WooCommerceYASR – Yet Another Star Rating Plugin for WordPressMultisite Robots.txt ManagerInternal Linking for SEO traffic & Ranking – Auto internal links (100% automatic)Woo Admin Product NotesRoyal Elementor Addons and TemplatesSnazzyAdmin WP Admin ThemeSocial KitwGauge – Free VersionElementor Addon ElementsWooCommerce Country Catalogs – Product Country RestrictionsWordPress SEO Audit Plugin – WP Site AuditorWP Tools Divi Product CarouselAds.txt & App-ads.txt Manager for WordPressSimple SponsorshipsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceWP Page TemplatesGuest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front EditorWordPress WooCommerce Sync for Google SheetBooking Calendar | Appointment Booking | BookitFlat Rate Shipping Plugin For WooCommerceGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormWP Link BioWordPress Dev Powers – Element Selector jQuery Powers PluginFull Page Blog DesignerTwentyFourth WP ScraperBlock Slider – Responsive Image Slider, Video Slider & Post SliderEnhanced Ecommerce Google Analytics for WooCommerceWidget for Contact form 7Stackable – Page Builder Gutenberg BlocksSimple Feature Requests Free – User Feedback BoardBlockyPage – Gutenberg Based Page BuilderWP AutoMedicGallery PhotoBlocksContact Form 7 – Capsule CRM – IntegrationEvent Tickets and RegistrationEasy Settings for LearnDashWordPress Auto SEO Plugin – Upfiv SEO WizardWP Relevant AdsForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookUser Menus – Nav Menu VisibilityLittleBot ACH for Stripe + PlaidUnder ConstructionMaster Accordion ( Former WP Awesome FAQ Plugin )XT Points & Rewards for WooCommerceCF7 Constant Contact Fields MappingWP Data Access – WordPress App, Table and Form Builder pluginPassster – Password Protect Pages and ContentOut of stock display for woocommerceClean Social IconsCheckout with Cash App on EDDAutoSave NetSSL Certificate – Free SSL, HTTPS by SSL ZenGateway for PayLate on WooCommerceCourt Reservation – Manage Your Court Bookings OnlineAffiliate Link Builder Plugin for Amazon Associates – Review EngineAdvanced Custom Fields options import/exportRT Easy Builder – Advanced addons for ElementorThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedChoice Payment Gateway for WooCommerceURL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPressWooCommerce Shipping gateway per ProductWP Tools Divi Blog CarouselSimple Social Page Widget & ShortcodeUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterEducation Addon for ElementorAdvanced Classifieds & Directory ProCode ManagerHuCommerce | Magyar WooCommerce kiegészítésekFree Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC BookingFeedpress Generator – External RSS Frontend CustomizerSTAX Header BuilderWP Google Street View (with 360° virtual tour) & Google maps + Local SEOUltimate Divi Modules Suite – Divi Sumo LiteWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFIT: Featured Image ToolkitConversion de moneda WoocommerceWP Adminify – Custom WordPress Dashboard, Login and Admin CustomizerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersWooCommerce Bulk Edit Products – WP Sheet EditorWP SierraWordPress Gallery Plugin – Edge Photo GalleryPootle Pagebuilder – WordPress Page builderTickera – WordPress Event Ticketing
CWE ID-CWE-862
Missing Authorization
CVE-2022-45830
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.46%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:02
Updated-05 Jun, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2025-30897
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.78%
||
7 Day CHG-0.02%
Published-27 Mar, 2025 | 10:55
Updated-09 Jun, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability

Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.

Action-Not Available
Vendor-analytifyAdnan
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2025-26773
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.41%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 11:38
Updated-06 Jun, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0.

Action-Not Available
Vendor-analytifyAdnan
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2024-5607
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.55%
||
7 Day CHG~0.00%
Published-07 Jun, 2024 | 02:39
Updated-29 Oct, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting

The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.

Action-Not Available
Vendor-NinjaTeam
Product-gdpr_ccpa_compliance_\&_cookie_consent_bannerGDPR CCPA Compliance & Cookie Consent Banner
CWE ID-CWE-862
Missing Authorization
CVE-2024-5309
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.15%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 08:30
Updated-11 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.

Action-Not Available
Vendor-wpvibeswpvibes
Product-form_vibesForm Vibes – Database Manager for Forms
CWE ID-CWE-862
Missing Authorization
CVE-2019-4158
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.21%
||
7 Day CHG~0.00%
Published-25 Jun, 2019 | 15:45
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.

Action-Not Available
Vendor-IBM Corporation
Product-security_access_managerSecurity Access Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-50456
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.70%
||
7 Day CHG+0.02%
Published-29 Oct, 2024 | 21:00
Updated-07 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.

Action-Not Available
Vendor-seopressThe SEO Guys at SEOPress
Product-seopressSEOPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-4468
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.64%
||
7 Day CHG+0.15%
Published-08 Jun, 2024 | 07:37
Updated-31 Oct, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Salon booking system <= 9.9 - Missing Authorization

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users.

Action-Not Available
Vendor-salonbookingsystemwordpresschef
Product-salon_booking_systemSalon Booking System
CWE ID-CWE-862
Missing Authorization
CVE-2023-46616
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.90%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.

Action-Not Available
Vendor-N Squared Digital, LLC
Product-Draw Attention
CWE ID-CWE-862
Missing Authorization
CVE-2024-43260
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Clearfy Cache plugin <= 2.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Creative Motion Clearfy Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clearfy Cache: from n/a through 2.2.4.

Action-Not Available
Vendor-Creative Motion
Product-Clearfy Cache
CWE ID-CWE-862
Missing Authorization
CVE-2024-43268
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability

Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.

Action-Not Available
Vendor-WPBackItUp
Product-Backup and Restore WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-43312
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.42%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.

Action-Not Available
Vendor-wpcleverWPClever
Product-wpc_frequently_bought_together_for_woocommerceWPC Frequently Bought Together for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-3942
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-21 Jan, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-masterstudy_lmsMasterStudy LMS WordPress Plugin – for Online Courses and Education
CWE ID-CWE-862
Missing Authorization
CVE-2024-38737
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability

Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReDi Restaurant Reservation: from n/a through 24.0422.

Action-Not Available
Vendor-Reservation Diary
Product-ReDi Restaurant Reservation
CWE ID-CWE-862
Missing Authorization
CVE-2023-0404
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 14:25
Updated-07 Nov, 2023 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. While the plugin is still pending review from the WordPress repository, site owners can download a copy of the patched version directly from the developer's Github at https://github.com/liedekef/events-made-easy

Action-Not Available
Vendor-e-dynamicsliedekef
Product-events_made_easyEvents Made Easy
CWE ID-CWE-862
Missing Authorization
CVE-2024-37483
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.

Action-Not Available
Vendor-Post Grid Team by RadiusTheme
Product-The Post Grid
CWE ID-CWE-862
Missing Authorization
CVE-2024-37250
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 19.93%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1.

Action-Not Available
Vendor-WPEngine Inc.
Product-Advanced Custom Fields PRO
CWE ID-CWE-862
Missing Authorization
CVE-2024-34690
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 47.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 02:17
Updated-09 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Student Life Cycle Management (SLcM)

SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-student_life_cycle_managementSAP Student Life Cycle Management
CWE ID-CWE-862
Missing Authorization
CVE-2024-33636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.69%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 08:21
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1.

Action-Not Available
Vendor-Mahesh Vora
Product-WP Page Post Widget Clone
CWE ID-CWE-862
Missing Authorization
CVE-2024-2017
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.74%
||
7 Day CHG+0.06%
Published-06 Jun, 2024 | 02:38
Updated-01 Aug, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.

Action-Not Available
Vendor-Adam Skaat (Edmonsoft)
Product-countdown_builderCountdown, Coming Soon, Maintenance – Countdown & Clock
CWE ID-CWE-862
Missing Authorization
CVE-2024-13775
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 12:21
Updated-24 Feb, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure

The WooCommerce Support Ticket System plugin for WordPress is vulnerable to unauthorized access and loss of data due to missing capability checks on the 'ajax_delete_message', 'ajax_get_customers_partial_list', and 'ajax_get_admins_list' functions in all versions up to, and including, 17.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts, and read names, emails, and capabilities of all users.

Action-Not Available
Vendor-Vanquish
Product-woocommerce_support_ticket_systemWooCommerce Support Ticket System
CWE ID-CWE-862
Missing Authorization
CVE-2024-12617
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-24 Dec, 2024 | 04:22
Updated-24 Dec, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WC Price History for Omnibus <= 2.1.3 - Missing Authorization

The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data.

Action-Not Available
Vendor-kkarpieszuk
Product-WC Price History for Omnibus
CWE ID-CWE-862
Missing Authorization
CVE-2024-12825
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-01 Feb, 2025 | 07:21
Updated-21 Feb, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates

The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link/unlink relations.

Action-Not Available
Vendor-brechtvdsbrechtvds
Product-custom_related_postsCustom Related Posts
CWE ID-CWE-862
Missing Authorization
CVE-2024-12204
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-11 Jan, 2025 | 02:20
Updated-13 Jan, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses.

Action-Not Available
Vendor-galdub
Product-Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups
CWE ID-CWE-862
Missing Authorization
CVE-2024-1042
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 04:30
Updated-28 Jan, 2025 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated attackers, with subscriber access and above, to import radio stations, remove countries, and modify the plugin's settings, which can lead to Cross-Site Scripting, tracked separately in CVE-2024-1041.

Action-Not Available
Vendor-wpmilitaryprinceahmed
Product-wp_radioWP Radio – Worldwide Online Radio Stations Directory for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-11085
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.25%
||
7 Day CHG~0.00%
Published-16 Nov, 2024 | 03:20
Updated-18 Nov, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Log Viewer <= 1.2.1 - Missing Authorization

The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings.

Action-Not Available
Vendor-maxwellberkel
Product-WP Log Viewer
CWE ID-CWE-862
Missing Authorization
CVE-2023-42473
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.80%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 01:36
Updated-27 Feb, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Check In S/4HANA (Manage Withholding Tax Items)

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-s\/4hanaS/4HANA (Manage Withholding Tax Items)
CWE ID-CWE-862
Missing Authorization
CVE-2023-40625
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.80%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 02:00
Updated-25 Sep, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Manage Purchase Contracts App

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.

Action-Not Available
Vendor-SAP SE
Product-s4coreSAP Manage Purchase Contracts App
CWE ID-CWE-862
Missing Authorization
CVE-2022-36910
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.31%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:26
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to reindex the database and to obtain information about jobs otherwise inaccessible to them.

Action-Not Available
Vendor-Jenkins
Product-lucene-searchJenkins Lucene-Search Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-10078
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.29% / 51.87%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:35
Updated-22 Oct, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.

Action-Not Available
Vendor-newsignaturechertzwp_easy_post_types_project
Product-wp_easy_post_typesWP Easy Post Typeswp_easy_post_types
CWE ID-CWE-862
Missing Authorization
CVE-2023-6369
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 54.83%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings.

Action-Not Available
Vendor-myrecorprecorp
Product-export_wp_page_to_static_html\/cssExport WP Page to Static HTML/CSS
CWE ID-CWE-862
Missing Authorization
CVE-2022-28134
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.91% / 74.81%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 12:30
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.

Action-Not Available
Vendor-Jenkins
Product-bitbucket_server_integrationJenkins Bitbucket Server Integration Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2022-31128
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.02%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 16:20
Updated-23 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fine grained permissions are not checked in Tuleap

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Enalean SAS
Product-tuleaptuleap
CWE ID-CWE-862
Missing Authorization
CVE-2022-31597
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.27%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:27
Updated-03 Aug, 2024 | 07:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

Action-Not Available
Vendor-SAP SE
Product-sapscores\/4hanaSAP S/4HANA
CWE ID-CWE-862
Missing Authorization
CVE-2023-37963
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 27.13%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 15:53
Updated-06 Nov, 2024 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-benchmark_evaluatorJenkins Benchmark Evaluator Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-48222
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.24% / 46.21%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 21:59
Updated-29 Aug, 2024 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated users can view or delete jobs they do not have authorization for in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-pagerdutyrundeck
Product-rundeckrundeck
CWE ID-CWE-862
Missing Authorization
CVE-2022-26102
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:35
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-netweaver_application_server_abapSAP NetWeaver Application Server for ABAP
CWE ID-CWE-862
Missing Authorization
CVE-2023-33970
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 41.76%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 19:54
Updated-08 Jan, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing access control in internal task links feature in Kanboard

Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-kanboardkanboard
Product-kanboardkanboard
CWE ID-CWE-862
Missing Authorization
CVE-2023-32094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.80%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Extended Post Status plugin <= 1.0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through 1.0.19.

Action-Not Available
Vendor-Felix Welberg
Product-Extended Post Status
CWE ID-CWE-862
Missing Authorization
CVE-2024-7621
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 13.20%
||
7 Day CHG~0.00%
Published-10 Aug, 2024 | 02:01
Updated-12 Aug, 2024 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.

Action-Not Available
Vendor-wpfeedbackwpfeedback
Product-Visual Website Collaboration, Feedback & Project Management – Atarimvisual_website_collaboration
CWE ID-CWE-862
Missing Authorization
CVE-2023-32240
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.06%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:05
Updated-03 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.

Action-Not Available
Vendor-XTemos Studio
Product-WoodMart
CWE ID-CWE-862
Missing Authorization
CVE-2023-31214
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.53%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0.

Action-Not Available
Vendor-Arul Prasad J
Product-WP Quick Post Duplicator
CWE ID-CWE-862
Missing Authorization
CVE-2024-6392
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.71%
||
7 Day CHG~0.00%
Published-11 Jul, 2024 | 21:31
Updated-15 Aug, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized plugin settings modification due to missing capability checks on the plugin functions in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the connected Sirv account to an attacker-controlled one.

Action-Not Available
Vendor-sirvsirv
Product-sirvImage Optimizer, Resizer and CDN – Sirv
CWE ID-CWE-862
Missing Authorization
CVE-2021-42331
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 32.01%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 12:10
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2

The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.

Action-Not Available
Vendor-xinheinformationShinHer Information Co., LTD.
Product-xinhe_teaching_platform_systemShinHer StudyOnline System
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2023-2945
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.82%
||
7 Day CHG+0.04%
Published-27 May, 2023 | 00:00
Updated-14 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in openemr/openemr

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr/openemr
CWE ID-CWE-862
Missing Authorization
CVE-2024-56225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:23
Updated-31 Dec, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability

Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56.

Action-Not Available
Vendor-Leap13
Product-Premium Addons for Elementor
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found