Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-1850

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-09 Apr, 2024 | 18:58
Updated At-08 Apr, 2026 | 16:49
Rejected At-
Credits

AI Post Generator | AutoWriter <= 3.3 - Missing Authorization

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. CVE-2024-32713 may be a duplicate of this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:09 Apr, 2024 | 18:58
Updated At:08 Apr, 2026 | 16:49
Rejected At:
▼CVE Numbering Authority (CNA)
AI Post Generator | AutoWriter <= 3.3 - Missing Authorization

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. CVE-2024-32713 may be a duplicate of this issue.

Affected Products
Vendor
kekotron
Product
AI Post Generator | AutoWriter
Default Status
unaffected
Versions
Affected
  • From 0 through 3.3 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Lucio Sá
Timeline
EventDate
Disclosed2024-03-21 00:00:00
Event: Disclosed
Date: 2024-03-21 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
x_transferred
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
x_transferred
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:09 Apr, 2024 | 19:15
Updated At:15 Apr, 2026 | 00:35

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin (even in non-published status), create new posts (and publish them), publish unpublished post or perform post deletions. CVE-2024-32713 may be a duplicate of this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=security@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=security@wordfence.com
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cvesecurity@wordfence.com
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=af854a3a-2127-422b-91ae-364da2661108
N/A
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cveaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
Source: security@wordfence.com
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3056020%40ai-post-generator&new=3056020%40ai-post-generator&sfp_email=&sfph_mail=
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3057511%40ai-post-generator&new=3057511%40ai-post-generator&sfp_email=&sfph_mail=
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

106Records found
CVE-2024-45461
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.7||MEDIUM
EPSS-0.14% / 33.96%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 07:54
Updated-21 Feb, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CloudStack Quota plugin: Access checks not enforced in Quota

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false".

Action-Not Available
Vendor-The Apache Software Foundation
Product-cloudstackApache CloudStack Quota plugin
CWE ID-CWE-862
Missing Authorization
CVE-2025-53236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.

Action-Not Available
Vendor-AndonDesign
Product-UDesign Core
CWE ID-CWE-862
Missing Authorization
CVE-2025-64192
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.47%
||
7 Day CHG-0.02%
Published-18 Dec, 2025 | 07:22
Updated-28 Apr, 2026 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore theme < 9.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.

Action-Not Available
Vendor-8theme
Product-XStore
CWE ID-CWE-862
Missing Authorization
CVE-2025-49377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.09%
||
7 Day CHG~0.00%
Published-22 Oct, 2025 | 14:32
Updated-28 Apr, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.

Action-Not Available
Vendor-Themefic
Product-Hydra Booking
CWE ID-CWE-862
Missing Authorization
CVE-2018-20501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.35%
||
7 Day CHG~0.00%
Published-30 Dec, 2019 | 21:24
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-47565
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.04%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:18
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9.

Action-Not Available
Vendor-ashanjay
Product-EventON
CWE ID-CWE-862
Missing Authorization
CVE-2024-4450
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.13% / 32.18%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 03:12
Updated-08 Apr, 2026 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions

The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products. CVE-2024-37210 is likely a duplicate of this issue.

Action-Not Available
Vendor-ali2wooali2woo
Product-aliexpress_dropshipping_with_alinextAliExpress Dropshipping Plugin for WooCommerce & WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-43009
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:19
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Service Parts Management (SPM)

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP Service Parts Management (SPM)
CWE ID-CWE-862
Missing Authorization
CVE-2024-43954
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.70%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability

Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.

Action-Not Available
Vendor-Themeum
Product-droipDroip
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2025-43007
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.10%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 00:19
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Service Parts Management (SPM)

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP Service Parts Management (SPM)
CWE ID-CWE-862
Missing Authorization
CVE-2025-36361
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 11.36%
||
7 Day CHG~0.00%
Published-24 Oct, 2025 | 09:35
Updated-28 Oct, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA

IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.

Action-Not Available
Vendor-IBM Corporation
Product-app_connect_enterpriseApp Connect Enterprise
CWE ID-CWE-862
Missing Authorization
CVE-2024-43285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 31.11%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Presto Made, Inc Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Presto Player: from n/a through 3.0.2.

Action-Not Available
Vendor-Presto Made, Inc
Product-Presto Player
CWE ID-CWE-862
Missing Authorization
CVE-2024-43146
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.23%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accelerated Mobile Pages plugin <= 1.0.96.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-AMP for WP
CWE ID-CWE-862
Missing Authorization
CVE-2024-43045
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.3||MEDIUM
EPSS-0.57% / 68.73%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 13:27
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views".

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-862
Missing Authorization
CVE-2026-39651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.31%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Total Poll Lite plugin <= 4.12.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

Action-Not Available
Vendor-TotalSuite
Product-Total Poll Lite
CWE ID-CWE-862
Missing Authorization
CVE-2026-40133
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 2.45%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 02:21
Updated-12 May, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP S/4HANA Condition Maintenance

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Action-Not Available
Vendor-SAP SE
Product-SAP S/4HANA Condition Maintenance
CWE ID-CWE-862
Missing Authorization
CVE-2026-39488
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.31%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 08:30
Updated-29 Apr, 2026 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SureCart plugin <= 4.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.

Action-Not Available
Vendor-SureCart
Product-SureCart
CWE ID-CWE-862
Missing Authorization
CVE-2026-3977
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.19%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 03:02
Updated-22 Apr, 2026 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
projectsend AJAX Endpoints authorization

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.

Action-Not Available
Vendor-n/a
Product-projectsend
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-3942
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-08 Apr, 2026 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated attackers, with subscriber level permissions and above, to read and modify content such as course questions, post titles, and taxonomies.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-masterstudy_lmsMasterStudy LMS WordPress Plugin – for Online Courses and Education
CWE ID-CWE-862
Missing Authorization
CVE-2024-38506
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 4.54%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2024-38707
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.80%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EmbedPress: from n/a through 4.0.4.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-37542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.63%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 12:40
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Action-Not Available
Vendor-WpDevArt
Product-galleryResponsive Image Gallery, Gallery Album
CWE ID-CWE-862
Missing Authorization
CVE-2024-37929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.15% / 35.15%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in solwin User Activity Log Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Activity Log Pro: from n/a through 2.3.4.

Action-Not Available
Vendor-solwin
Product-User Activity Log Pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-37516
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.17% / 37.07%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.2.

Action-Not Available
Vendor-fifu.app
Product-Featured Image from URL
CWE ID-CWE-862
Missing Authorization
CVE-2024-34824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.06%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:27
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.

Action-Not Available
Vendor-themeboyThemeBoy
Product-sportspressSportsPress – Sports Club & League Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-34826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.23%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:07
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler.This issue affects CF7 WOW Styler: from n/a through <= 1.6.4.

Action-Not Available
Vendor-Saleswonder Team: Tobias
Product-CF7 WOW Styler
CWE ID-CWE-862
Missing Authorization
CVE-2024-33923
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.72%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:24
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability

Missing Authorization vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from n/a through 4.69.

Action-Not Available
Vendor-Smartypants
Product-SP Project & Document Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-31307
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.95%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:08
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in appscreo Easy Social Share Buttons.This issue affects Easy Social Share Buttons: from n/a through 9.4.

Action-Not Available
Vendor-appscreoidiom_interactive
Product-Easy Social Share Buttonseasy_social_share_buttons
CWE ID-CWE-862
Missing Authorization
CVE-2024-31281
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.56% / 68.59%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:54
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.6.

Action-Not Available
Vendor-church_admin_projectandy_moyle
Product-church_adminChurch Admin
CWE ID-CWE-862
Missing Authorization
CVE-2024-30528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 22.96%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 19:19
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.

Action-Not Available
Vendor-spiffypluginsSpiffy Plugins
Product-spiffy_calendarSpiffy Calendar
CWE ID-CWE-862
Missing Authorization
CVE-2022-4974
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 42.70%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 06:43
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freemius SDK <= 2.4.2 - Missing Authorization Checks

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Action-Not Available
Vendor-mantrabrainscrollsequenceclosetechnologyproteusthemessnazzythemespeterschulznljavmahbuttonizersslzenwpkubekaggdesigncyberhoboakdevsjaydeep-nimavataharonyanmhmrajibproperfractionjohnc1979oloyede-jamiuivanchernyakovmatthias-reuterkaizencodersshabtidanish-alitheafricanboss/vinod-dalviwordplusultimateblocksninjalibsmattpramschuferbrightvesseldevwalkerwpmohsinofflinexjohnykdavidandersonalekvsamdaniannastaacodeieswpsaadatakanozdaniyalahmedkkartikparmarthinleekwpscriptsjamesparkninjanitin247takanakuiethereumicoiothijziecleverpluginsoceanwpinteractivegeomapsultradevswpbitsgaloovergloriousthemespaulio21commercepunditpootlepresskoen12344bfintalchetmacwpmoosenicheaddonshalmatprasadkirpekarwpdevpowersalexmosstickeraalphabposervicefsruslanshawoninfomcurlywhiteshadowvohotv/wptravelenginewiserstepssindyakinsergeihiddenpearlsmaciejbak85wpsoulstaxwpkhothemesmoomooagencyrebelcodelynn999damian-goralostboy7glowlogixrankbearkylegilmanmaartenbelmansivan_paulinsonalsinha21unitecmstranzlywpenginewebheadllcpluginswaremajickjkohlbachrisethemepagebuildersandwichpassionatebrainswpgeniuzwpconedevlimbcodeshelob9wpjolicmbibby/jburleigh1protectyouruploadsfrostbournalleythemesanasbinmukimprinceahmedavidthemes/npluginstprintyedisonavesamuelsilvaptwoopopstherealwebdisruptkenanfallonpasyuksyntacticsekanathdashlabsltdweconnectcodewpeventpartners/gowebsmartymodulemastersggriesserjurskipippozanardogfiremaguilerasoftwoodyhaydaydanielealessandrawebmuehlemte90gkher/tobias_conraduriahs-victorbeeneebalex-yesmartwpressdejanmarkovicolezhyk5elbisnerow3scloudjwindswitcorp5starpluginsshamim51kartikparmar/bestpluginswordpresselliotvsjanwylronena100plugins360ankitmarucliffpaulickwordpresschefldninjas/anfrageformularfoopluginstobias_conrad/sebet/blockypagemuhammad-rehmandreamfoxsorsawowpmunichlinekalspartacchillichallibadhonrocksblockmeisterclosemarketing/josevegamojofywpmberdingxplodedthemesupfivthemekraftthemelocationtoddhalfpennysvovafwpdivemilukove/wupoandyabelowcodexonicsbandidodeothemesslidedeckoceascloudspongedarellwgaugesalttechnointerfacelabmumarym1985patrickgarmanwpmagicsmohammedrezqggeddemilmorcoderpresssmgteamdivisumorenaudbodstarfishwpwphrmanagersakurapixelwpcohortstevehentyjcodexwebba-agencynasirahmed9brada6mikebelsdvizheniapowerfulwpactuaryzaskdangub86imtiazrayhanmaxsdesigndipcodeirkanulivemeshjwebsollistplusahmed17inputwpeedeeskymindscebbiflexithemeswpvibesdaigo75kairaskshaikatgiladtakonisovstackpremmercesurbmamaltathemespootlepress/equalizedigitalinfosatechthemeythemeslukeseagerdiviframeworkwp-makingkartechifyzeethemesebetrafacarvalhidomelapressthemeseixyulexstreamweaselsroyalnavneetstevejburgemajick/blackandwhitedigitalmnelson4iksstudiopmbaldhapatrickposnerpluginandplayanssilaitilaversacompmaurolopes/wpchillbavokoservicestripettowpdeliciousfrenifydgwyerggwiczwpt00lsjetixwpkrsppmbaldha/essekiadrosendoco2okcypressnorthinfornwebedgegallerypluginpopeatingmilukovedotsmunirkamalusmanaliqureshibouncingsproutkkikuchi1220seezeewpeka-clublitonice13vernalwptbgreenjaymediakitthemeswplegalpagesejslondon/sj_omvvapps/tonyzeolirafalosinskimeepluginsgallerycreatormasterblockswpdevervincoitmarviorochaboriscolombier/multicollabpenguininitiativesbrandonfiresslatlasintoxstudiofastaf/mbrown24thecodechimebilaltasboltonstudiosibenicmdedevtheafricanbosscadudecastroalveswpcohort/stylingwebbenjanthielemannmarcqueraltcreativethemeshqmikewire_rocksolidbpluginszerozendesignh3technologiesfullworksivacygetsparrowcloudlivingdotrexbenmoreassynthqthemedanielisercromer12richard-bthemestymihail-barinovfoxmoonmatstarsdovyplkoudaltauhidproinvisnetsaadiqbalvanyukovtribalnerdsangarandjenhmeowcrewdudocodesavorysetkahumblethemesblockspareelementinvaderattestbycriksjavedpagupclickervoltseancarricodam6plprelctropicalistaBdThemesRoyal Elementor AddonsThe Events Calendar (StellarWP)WPWeb EliteThemeisle
Product-annasta Filters for WooCommerceBattle Suit for DiviBetter Robots.txt – AI-Ready Crawl Control & Bot GovernanceStyler Mate for Contact Form 7eaSYNC Booking – Hotels, Restaurants & Car RentalsWidget Detector for ElementorTickera – Sell Tickets & Manage EventsBlock Slider – Responsive Image Slider, Video Slider & Post SliderGloriousThemes Starter SitesGateway for PayLate on WooCommerceUltimate Post Kit Addons for ElementorDivi Content RestrictorLivemesh Addons for Beaver BuilderWidgets on Pages and PostsEvent Tickets and RegistrationWP Page TemplatesAutoSave NetAWCA – The Great Analytics Insights for Your eStoreWebinarIgnition – Live, Automated & Evergreen Webinars for WooCommerceInsert or Embed Articulate Content into WordPressForm Vibes – Database Manager for FormsQuick Contact FormLocal Delivery Drivers for WooCommerceAddon Elements for Elementor (formerly Elementor Addon Elements)Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and moreMenu Item SchedulerExpire tagsAdd Pinterest conversion tags for Pinterest Ads + Site verificationGA4WP – Analytics Dashboard for the WebsiteHM Multiple RolesWP Search FilterPlace Order Without Payment for WooCommerceBookPress – For Book AuthorsMusic Player for Elementor – Audio Player & Podcast PlayerPost Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)Bulk Attachment DownloadWordPress Dev Powers – ACF Color Coded Field Types PluginPost Carousel DiviWP Google Street View (with 360° virtual tour) & Google maps + Local SEOAutomatic Internal Links for SEO by PagupEasy Post Views CountAdvanced Page Visit Counter – Most Wanted Analytics Plugin for WordPressWordPress Gallery Plugin – Edge Photo GalleryBulk WooCommerce Category CreatorBooking Addon for WooCommerceEasy PrayerUkrposhtaPremmerce Variation Swatches for WooCommerceThe Events CalendarTK Google Fonts GDPR CompliantGuest posting / Frontend Posting / Front Editor – WP Front User SubmitDuplicate Variations for WoocommerceCF7 Constant Contact Fields MappingGeo MashupReplyable – Subscribe to Comments and Reply by EmailWP Photo EffectsMenu Image, Icons made easyAwesome SSLFiboSearch – Ajax Search for WooCommerceProduct Image Watermark for WooBetter SharingPremmerceRT Easy Builder – Advanced addons for ElementorAll-in-One Video GalleryTinyMCE AnnotateKVoucherWP fail2ban – Advanced SecurityDa ReactionsPayment Gateway for PayFabricNotification Bar, Announcement and Cookie Notice WordPress Plugin – FooBarNotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerceWP Easy Pay – Payment and Donation form Builder for SquareConversion de moneda WoocommerceCustomers Table for WooCommerce: View, Search, Bulk EditorSchema Plugin For Divi, Gutenberg & ShortcodesMaster Accordion ( Former WP Awesome FAQ Plugin )Masonry Gallery & Posts For Divi (WP Tools)Blocksy CompanionRoyal Addons for Elementor – Addons and Templates Kit for ElementorBlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block EditorWP Get PersonalPost Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post SliderGet Better Reviews for WooCommerceInbound BrewSimple Feature Requests Free – User Feedback BoardAnfrageformular – Multi Step Drag & Drop Formular Builder – LeadgenerierungEqualize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 complianceWordPress Coupon Plugin for Bloggers and Marketers – WP OffersEasy Code SnippetsDeMomentSomTres AddressDeMomentSomTres Media Tools AutoMarket ExporterWP GratifyHQTheme ExtraSlideDeck: Responsive WordPress Slider PluginMulti Page Auto Advance for Gravity FormsWP BugBotDeals of the Day WooCommercebbResolutionsSmart Variations Images & Swatches for WooCommercePremmerce Wishlist for WooCommerceRevolution for ElementorEasy Social Feed – Social Photos Gallery and Post Feed for WordPressPayment Gateway Per Product for WooCommerceWP Notification BellHelpie FAQ — Accordion, Docs & Knowledge BaseFrontend group restriction for LearnDashWidgets for WooCommerce Products on ElementorNugget by Ingot: Easy, automated and native A/B testing for everyoneGreenshift – animation and page builder blocksSTEWoo – Super Transactional Emails for WooCommerceThe best plugin for restrict content, support all Custom Post Types and Elementor – Password ProtectedFlat Rate Shipping Method for WooCommerceSimple Sitemap – Create a Responsive HTML SitemapClickerVolt – Affiliate Links & Click Tracking for Performance MarketersWooCommerce Next Order CouponNEXUSCAPTCHA 4WP – Antispam CAPTCHA solution for WordPressWP Relevant AdsIks Menu – WordPress Category Accordion Menu & FAQsWP Data Access – App Builder for Tables, Forms, Charts, Maps & DashboardsMarijuana Age VerifyWooCommerce upcoming ProductsEvents Calendar RegistrationChoice Payment Gateway for WooCommerceFilr – Secure document libraryWOW Styler for CF7 – Visual Styler for Contact Form 7 FormsPage Builder Sandwich – Front End WordPress Page Builder PluginBetter Addons for ElementorCuisine PalaceSVG Flags – Beautiful Scalable Flags For All Countries!VidSEO – Video transcript embedding for WordPress & LLMRating-Widget: Star Review SystemCryptocurrency Product for WooCommerceNew User ApproveUnakitGo Fetch Jobs (for WP Job Manager)Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic RemarketingAutomizy Gravity FormsRaCar Clear Cart for WooCommerceWP-HR Manager: The Human Resources Plugin for WordPressReally Simple Featured Video – Featured Video Support for Posts, Pages & WooCommerce ProductsWordPress Auto SEO Plugin – Upfiv SEO WizardCookie Banner for GDPR / CCPA – WPLP Cookie ConsentFunnelmentalsShipping Gateway Per Product for WooCommerceDeMomentSomTres Grid ArchiveLicense Manager for WooCommerceVit Website ReviewsLawPress – Law Firm Website ManagementSpeculorAquarella LiteJoli Table Of ContentsWP Travel Engine – Tour Booking Plugin – Tour Operator SoftwareReset Course Progress For LearnDashResponsive Social Slider WidgetNitek Carousel Slider Cool TransitionsNumber ChatStreamWeasels Twitch IntegrationTreePress – Easy Family Trees & Ancestor ProfilesEvents Addon for ElementorContact List – Online Staff Directory & Address BookProtect Uploads with Login – Protect Your UploadsFrontend Admin by DynamiAppsWholesale for WooCommerceFull Page Blog DesignerAgy – Age verification for WooCommerceEthereumICOFuse Social Floating SidebarMOBILOOK — Mobile View & Mobile‑Friendly TestServer InfoCategorify – WordPress Media Library Category & File ManagerWUPO Group Attributes for WooCommerceLMS Plugin – eLearning, Online Courses by AttestMixed Media Gallery BlocksWordPress Slider Block GutensliderBlog Sidebar WidgetOcean ExtraNicheTable – Responsive Comparison Table BlockGlossaryConeBlog – Elementor Blog WidgetsXT Floating Cart for WooCommerceAEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image OptimizationUnder ConstructionElationAll in One Invite CodesLittleBot InvoicesUltra Elementor AddonsCustom Registration and Custom Login Forms with New RecaptchaMedia Library File DownloadSecure IP LoginsDomain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and MoreClean Social IconsCoupon Affiliates – Affiliate Plugin for WooCommerceCountry Based Payments for WooCommerceFooter Plugin for DiviImage Carousel For DiviAge Verification Screen for WooCommerceDelivery for WooCommercePrice Bands for WooCommercePootle Pagebuilder – WordPress Page builderSEO Audit – WP Site AuditorSocial Gallery LiteContact Form 7 – Capsule CRM – IntegrationEverseCustom Login Page CustomizerRun time Image resizingBookit — Booking & Appointment CalendarFive-Star Ratings ShortcodeWordPress Everse Starter Sites – Elementor TemplatesSurveyFunnel – Survey Plugin for WordPressGutenberg Blocks – ACF Blocks SuiteWP Disable SitemapPro Broken Links MaintainerCustom WooCommerce Checkout Fields EditorAdd Tiktok Pixel for Tiktok ads (+Woocommerce)Security SafeFeedpress Generator – External RSS Frontend CustomizerModern Designs for Gravity FormsACF for WooCommerce ProductFile Manager for Google Drive – Integrate Google DriveAirpressDynamic Pricing and Discount Rules for WooCommerceBetter Messages – Integration for WC Vendors MarketplaceLightbox & Modal Popup WordPress Plugin – FooBoxDancePress (TRWA)SKT Templates – 100% Free Templates for Elementor & GutenbergAdvanced Classifieds & Directory ProListPlus – Unlimited Listing DirectoryUltimate Widgets LightPanorama – 360 Virtual Tour, Panoramic image viewer and MoreUltimeterQyrr – simply and modern QR-Code creationChange Price Title for WooCommerceCheckout with Cash App on EDDSV Tracking ManagerPodcast Box – Best Podcasting Plugin for WordPressElements for LifterLMSPassster – Password Protect Pages and ContentVillarAds.txt & App-ads.txt Manager for WordPressEasy Smooth Scroll Links – Smooth Scrolling AnchorLocalSEOMapWordPress form builder plugin for contact forms, surveys and quizzes – TripettoBlock, Suspend, Report for BuddyPressAdd Twitter Pixel for Twitter adsPremmerce Multi-currency for WoocommerceXT Quick View for WooCommercePrimary Addon for ElementorClimateClick: Climate Action for allFocus on Reviews for WooCommerceFeatured Images in RSS for Mailchimp & MoreSEO BoosterPremmerce Product Filter for WooCommerceBook BuyBack PricesWPGSI: Spreadsheet IntegrationSSL Atlas – Free SSL Certificate & HTTPS Redirect for WordPressWP Group PromoterFast WordPressPost Snippets – Custom WordPress Code Snippets CustomizerImage Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AIActivity Log For MainWPHasiumBlocked in China | Check if your site is available in the Chinese mainlandElastaFeatured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin)Display Eventbrite EventsWP Affiliate DisclosureRestaurant & Cafe Addon for ElementorTeam Collaboration & Content Workflow Plugin for WordPress Editorial Teams – MulticollabWordPress Animation Plugin – Animated EverythingWP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanContact Form 7 Multi-Step FormsWoocommerce Customer Reviews with Artificial Intelligence analyzis, with IBM Watson Tone AnalyzerPower Ups for ElementorWP Lead StreamVideopackWordPress Translation plugin for Post, Pages & WooCommerce products. Tranzly IO AI DeepL automatic WordPress Translator.Auto SEO META keywords (META tags keywords) optimization + WooCommerceBulk Edit Coupons for WooCommerce – WP Sheet EditorWooCommerce PayPlugRW Divi Unite GalleryWP Tools Divi Product CarouselQuick Affiliate StorePremmerce Permalink Manager for WooCommercePremmerce WooCommerce Customers ManagerWP Sessions Time Monitoring Full AutomaticWP Dev Powers – Display Screen Dimensions to Admin PluginAbeta Link PunchOutScrollsequence – Cinematic Scroll Image Animation PluginPremmerce Redirect ManagerYT Player – Embed and Customize Video PlayersPremmerce Wholesale Pricing for WooCommerceDelete Duplicate Postskk Star Ratings – Rate Post & Collect User FeedbacksDelete Posts automaticallyDrip Feed Content Extended for LearndashMaster Blocks – Gutenberg Site BuilderStation Pro – Advanced Audio Streaming & Player for WordPressWordPress SEO ChecklistOverlay Image Divi ModuleAnt Admin Notices for TeamAmelaSuper Video player – Fully Customizable Video Player with PlaylistWP Conference ScheduleEasy Math Captcha for CF7OpenseaXT Ajax Add To Cart for WooCommerceTiered Pricing Table for WooCommerceBulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)Code ManagerWidget for Contact form 7StoreCustomizer – A plugin to Customize all WooCommerce PagesPopOverXYZ – Show Light Weight Beautiful Tool Tips On Any TextProduct Author for WooCommerceMaster Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template KitsPurusCaxton – Create Pro page layouts in GutenbergSalon Booking System – Free VersionWP School CalendarQuick Event ManagerWP Meta and Date RemoverTopNewsWp – Display Tikcer News, RSS Feed Widget and Many MoreWordPress Google TranslateAFI – The Easiest Integration PluginVO Store Locator – WP Store Locator PluginWS BootstrapPast Events ExtensionEasy Appointment Booking & Scheduling System – Webba Booking CalendarMultisite Robots.txt ManagerWPOptin – AI-Powered Top Bars, PopUps & Lead GenerationBlog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, NewsShare This ImageRedirection for Contact Form 7Education Addon for ElementorShubanChat Button- Leads and Order over ChatAutomatic YouTube GalleryGenealogical Tree – Family Tree & Ancestry for WordPressWP Frontend ProfileGet feedback from visitors – WP Feedback Suite PluginInternal Link Juicer: SEO Auto Linker for WordPresswGauge – Free VersionViralikeSocialMark – Easy Watermark/Logo on Social Media Post Link Share PreviewImpexium Single Sign OnURL Shortify – Simple and Easy URL ShortenerTablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, FluentBlockMeister – Block Pattern BuilderFAQ Manager For Divi, Gutenberg Block & ShortcodeHooked Editable ContentPowerFolio – Portfolio & Image Gallery for ElementorRadio Player – Live Shoutcast, Icecast and Any Audio Stream PlayerPreloader for DiviError Log MonitorLive Drag and Drop Builder for Contact Form 7Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private MessagesPremmerce User RolesWordPress Dev Powers – Element Selector jQuery Powers PluginDivi Gravity Forms (WP Tools)WordPress WooCommerce Sync for Google SheetPurosaWP MooseWP Activity LogComments Not Replied ToPledged Plugins Secure Gateway for Authorize.net and WooCommerceWP Table Builder – Drag & Drop Table BuilderAdvanced Database ReplacerEthPress – Web3 LoginTarot Card OracleGFireM Action AfterNokkeChange Prices with Time for WooCommerceSnazzyAdmin WP Admin ThemeModern Addons for Elementor Page BuilderHuCommerce | Magyar kiegészítések WooCommerce webáruházakhozSend Prebuilt EmailsAlley Business ToolkitProduct Attachment for WooCommercejav's – WooCommerce and Trello integration WooTrelloOrder and Inventory Manager for WooCommerceWalker CorePremmerce Product Search for WooCommerceSync eCommerce NEOUltimate Divi Modules Suite – Divi Sumo LiteWP Books Gallery – Build Stunning Book Showcases & Libraries in MinutesZip Code RedirectSurbma | GDPR Proof Cookie Consent & Notice BarProduct Options and Price Calculation Formulas for WooCommerce – Uni CPOProduct Customer List for WooCommerceStop Contact Form 7 Spam & WPForms Spam – Free ProtectionEasy Newsletter SignupsRest Routes – Custom Endpoints for WordPress REST APIBulk Edit Categories and Tags – Create Thousands Quickly on the EditorCP Simple NewsletterMeridiaSimple Social Page Widget & ShortcodeAidWP – Donation & Payment Forms (Stripe Powered)Multipurpose Gutenberg BlockBulk Edit Posts and Products in SpreadsheetWP Free SSLStreak CRM For Gmail For Contact Form 7 – WordPress PluginLivemesh SiteOrigin WidgetsRun Contests, Raffles, and Giveaways with ContestsWPFrontend Admin – Add and edit posts, pages, users and more all from the frontendCourt Reservation – Manage Your Court Bookings OnlineWordPress Directory Plugin For Business Listings – WP Local PlusEnhanced Ecommerce Google Analytics for WooCommerceKnowledge Base documentation & wiki plugin – BasePress DocsAtlas – Knowledge BaseWP Author BioUltimate Carousel For DiviWoocommerce Customers Order HistoryStore Toolkit – WooCommerce Extensions, Quick Enhancements & Handy ToolsBrandAny Popup – Popup Forms, Optins & AdsAdvanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus EasilySticky add to cart for WooWP EmailyEU VAT Assistant for WooCommerceLittleBot ACH for Stripe + PlaidWPMailer – The best mail builder, No More Core for your emails support Elementor, CF7 forms etc…TwentyFourth WP ScraperSocial KitButtonizer – Floating Menus, Sticky Buttons, & Popup BuilderFast Checkout for WooCommerceBanner Management, Product Slider, Product Carousel for WooCommerceBlockyPage – Gutenberg Based Page BuilderEthereum WalletPage Builder for Gutenberg – StarterBlocksGFireM Advance SearchRadio Station by netmix® – Manage and play your Show Schedule in WordPress!JDs PortfolioContent Aware Sidebars – Fastest Widget Area PluginCartPops – High Converting Add To Cart Popup For WooCommerceBuilder for WooCommerce product reviews shortcodes – ReviewShortQuick Paypal PaymentsOne Click LoginRestrict – membership, site, content and user access restrictions for WordPressDrop Shadow BoxesNicheBaseYatri ToolsBAVOKO SEO Tools – All-in-One WordPress SEOPremmerce SEO for WooCommerceRevivePress – Keep your Old Content EvergreenCartoon UrlBlock Styler For Gravity FormsStrumenti Partita IVA per WoocommerceSheetPress – Manage WordPress Meta data with Google SheetsProduct Size Charts Plugin for WooCommerceExtend Filter Products By Price WidgetEasy TikTok Feed – TikTok Video, Feed & Gallery PluginPost List Designer – Category Post, Recent Post, Post ListWP Coupons and Deals – Coupon Plugin For Affiliate MarketersGiveaways for woocommerceMass Pages/Posts CreatorUser Menus – Nav Menu VisibilityPage Builder Gutenberg Blocks – Kioken BlocksPrime Mover – Migrate WordPress Website & BackupsSSL Zen — SSL Certificate Installer & HTTPS RedirectsWPBITS Addons For Elementor Page BuilderLive TV Player – Worldwide Live TV Channels Player for WordPressDigital Goods (Checkout Field Editor) for WooCommerce CheckoutBaniSky Login RedirectWP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT ComplianceWPVisitorInfo – Show Visitor Information & Conditional Data Based On That InformationStackable – Page Builder Gutenberg BlocksAvailability Datepicker – Booking Calendar for Contact Form 7 – Input WPGenerate Images (AI) – Magic Post ThumbnailGrid & Styler For Contact Form 7 And DiviYASR – Yet Another Star Rating Plugin for WordPressPay For Post with WooCommerceWP SPID ItaliaEther and ERC20 tokens WooCommerce Payment GatewayRestrict User Access – Ultimate Membership & Content ProtectionNinja Libs Amazon SESMailChimp ManagerGallery by FooGallerySQL Reporting Services – SSRS Plugin for WordPressSimple SponsorshipsWoo Admin Product NotesWC Shop Sync – Square Payment Gateway and Product Synchronization for WooCommerceProduct Carousel For WooCommerce – WoorouSellPostcode RedirectFullscreen MenuBulk Edit and Create User Profiles – WP Sheet EditorXT Variation Swatches for WooCommerceDocument Viewer – Embed Word, Excel, PowerPoint & PDFs InstantlyPrime Slider – Addons for ElementorPremmerce Brands for WooCommerceWP Adminify – White Label WordPress, Admin Menu Editor, Login CustomizerJoli FAQ SEO – WordPress FAQ PluginWP Tools Divi Blog CarouselUltimate Gutenberg – Custom Block TemplatesDivi Torque Lite – Divi Theme, Divi Builder & Extra ThemeCodeKit – Custom Codes EditorAPPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android AppsFIT: Featured Image ToolkitConnected SermonsKikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerceGet Directions MapShared Files – Frontend File Upload Form & Secure File SharingWP Comment Cleaner – Delete All Comments, Disable Comments, Bulk Delete & Remove CommentsPinblocks — Gutenberg blocks with Pinterest widgetsGlorious Services & SupportBuddyPress WooCommerce My Account Integration. Create WooCommerce Member PagesWP Mobile Menu – The Mobile-Friendly Responsive MenuWordPress Reviews by ReviewPressAdd Linkedin insight tags for Linkedin adsConsultPress LiteWP Required Taxonomies – Categories and Tags MandatoryA no-code page builder for beautiful performance-based contentUltimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO BoosterHide Shipping Method For WooCommerceShipping Method Display Style for WooCommerceLightbox – EverlightBox GalleryLogo Showcase – Responsive Logo Carousel, Logo Slider & Logo GridSV Proven ExpertDynific Addons for Elementor (formerly AnyWhere Elementor)Wadi SurveyRemove Add to Cart WooCommerceazw woocommerce file uploadsWp My Admin BarGuestofy – Restaurant Reservations Plugin, Room Planer, Reservation FormGFireM Fields3D Viewer – Display Interactive 3D ModelsFeedbackScout: The easiest way to collect, prioritise, manage and track customer feedback.Fraud Prevention For WooCommerce and EDDCryptocurrency Portfolio TrackerКнопка ЮMoneyTag Groups is the Advanced Way to Display Your Taxonomy TermsWP Munich Blocks – Gutenberg Blocks for WordPressStreamCast – Live Radio Streaming PlayerWP AutoMedicW3SCloud Contact Form 7 to Zoho CRMWP Event Partners – WordPress Plugin for Event and Conference ManagementFood Store – Online Food Delivery & PickupXT Points & Rewards for WooCommerceRocket Maintenance Mode & Coming Soon PageSpotlight Social Feeds – Block, Shortcode, and WidgetForceFieldForms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, WebhookPrint My Blog – Print, PDF, & eBook Converter WordPress PluginRecurWP – WordPress Recurly Payment GatewayLimb Gallery | Create Beautiful Image & Video GalleriesOut of stock display for woocommercePersistent LoginAnnouncement & Notification Banner – BulletinLearnMoreIvory Search – WordPress Search PluginImage Photo Gallery Final Tiles GridEasy Settings for LearnDashWP Radio – Worldwide Online Radio Stations Directory for WordPressBefore and After Product Images for WooCommerceScheduled Notification BarWoowGallerySTAX Header BuilderWP-Cron Status CheckerGo Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view countersBulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO)Justified GalleryWPBakery Page Builder Addons by LivemeshEasy Zillow ReviewsTabs with Recommended Posts (Widget)WP SierraFront End PMWP Frontend Admin – Display WP Admin Pages in the FrontendEmail TrackerPerformance KitEmail Header FooterWP Post BlockSimple Giveaways – Grow your business, email lists and traffic with contestsCheckout with Zelle on WoocommerceThank You Page for WooCommerceMapGeo – Interactive Geo MapsPost to Google My Business (Google Business Profile)WP Link BioAdFoxly – Ad Manager, AdSense Ads & Ads.txtPoints Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCredKRSP Frontend File UploaderUltimate Blocks – 25+ Gutenberg Blocks for Block EditorStarfish Review Generation & Marketing for WordPressB2B Request a QuoteLivemesh Addons by ElementorWP Contact Slider – Contact Form Slider WidgetTK SmugMug Slideshow ShortcodeEmails Blacklist for Everest FormsCoinbase Commerce – Crypto Gateway for WooCommerceUnlimited Elements For ElementorWooCommerce Variation Swatches for ProductsWCC SEO Keyword ResearchRankBearGift Message for WooCommerceSouth Pole: Climate action nowWidgets on PagesContact Widgets For Elementor all the contact links you need in one placeSecurity Ninja – WordPress Security & FirewallProduct Country Restrictions for WooCommerce – Country CatalogsGallery PhotoBlocksWordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and ScheduleFloating Social Share Icons and Social Share buttons – Next Previous Post Links – FLSparrow: Product Reviews and Ratings for WooCommerceLive Scores for SportsPressBroadcast LiteAffiliate Link Builder Plugin for Amazon Associates – Review EngineBulk Edit Products for WooCommerce – WP Sheet EditorDivi CollageEasy Age VerifyDisable Payment Methods based on cart conditions for WooCommerceDashy – Google Analytics advanced dashboardCheckout with Venmo on EDDWP Smart Export (Free)Better Messages – WCFM IntegrationAdvanced Custom Fields options import/exportTurbo WidgetsArendelleExtra Fees for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2022-4937
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-1.01% / 77.35%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 17:40
Updated-13 Jan, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.

Action-Not Available
Vendor-wcloverswclovers
Product-frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatibleWCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible
CWE ID-CWE-862
Missing Authorization
CVE-2024-24739
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 28.78%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 02:34
Updated-09 May, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing authorization check in SAP BAM (Bank Account Management)

SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-bank_account_managementSAP BAM (Bank Account Management)
CWE ID-CWE-862
Missing Authorization
CVE-2024-24704
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 30.38%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:25
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.

Action-Not Available
Vendor-AddonMaster (Akhtarujjaman Shuvo)
Product-load_more_anythingLoad More Anything
CWE ID-CWE-862
Missing Authorization
CVE-2022-44626
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:15
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.

Action-Not Available
Vendor-squirrlySquirrly
Product-seo_plugin_by_squirrly_seoSEO Plugin by Squirrly SEO
CWE ID-CWE-862
Missing Authorization
CVE-2025-22698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.74%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:45
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Accessibility Suite by Ability, Inc plugin <= 4.18 - Multiple Broken Access Control vulnerability

Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.18.

Action-Not Available
Vendor-Ability, Inc
Product-Accessibility Suite
CWE ID-CWE-862
Missing Authorization
CVE-2024-20438
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 34.22%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 16:53
Updated-08 Oct, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited network-admin functions such as reading device configuration information, uploading files, and modifying uploaded files. Note: This vulnerability only affects a subset of REST API endpoints and does not affect the web-based management interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboard_fabric_controllernexus_dashboardCisco Data Center Network Manager
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-862
Missing Authorization
CVE-2025-31841
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.57%
||
7 Day CHG+0.04%
Published-03 Apr, 2025 | 13:27
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FPW Category Thumbnails Plugin <= 1.9.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails fpw-category-thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FPW Category Thumbnails: from n/a through <= 1.9.5.

Action-Not Available
Vendor-Frank P. Walentynowicz
Product-FPW Category Thumbnails
CWE ID-CWE-862
Missing Authorization
CVE-2024-1677
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.23%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes.

Action-Not Available
Vendor-ukrsolutionukrsolution
Product-print_labels_with_barcodesPrint Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-1851
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 15.21%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 06:58
Updated-08 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list

The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to to perform unauthorized actions such as creating product lists.

Action-Not Available
Vendor-servitcservit
Product-affiliate-toolkitaffiliate-toolkit – Multi-Network Affiliate & Amazon Product Display
CWE ID-CWE-862
Missing Authorization
CVE-2023-52217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.06%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:26
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-woocommerce_conversion_trackingWooCommerce Conversion Trackingwoocommerce_conversion_tracking
CWE ID-CWE-862
Missing Authorization
CVE-2024-13361
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.55%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 07:29
Updated-08 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The AI Power: Complete AI Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicg_save_image_media function in all versions up to, and including, 1.8.96. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload image files and embed shortcode attributes in the image_alt value that will execute when sending a POST request to the attachment page.

Action-Not Available
Vendor-aipowersenols
Product-aipowerAI Puffer – Your AI engine for WordPress (formerly AI Power)
CWE ID-CWE-862
Missing Authorization
CVE-2023-52117
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.04%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:44
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGridprofilegrid
CWE ID-CWE-862
Missing Authorization
CVE-2024-10003
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 65.26%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 04:31
Updated-08 Apr, 2026 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The Rover IDX plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 3.0.0.2903. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options.

Action-Not Available
Vendor-roveridxstevemullen
Product-rover_idxRover IDX
CWE ID-CWE-862
Missing Authorization
CVE-2024-10078
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.57% / 68.91%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:35
Updated-08 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions

The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts.

Action-Not Available
Vendor-newsignaturechertzwp_easy_post_types_project
Product-wp_easy_post_typesWP Easy Post Typeswp_easy_post_types
CWE ID-CWE-862
Missing Authorization
CVE-2024-0828
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 15:26
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.

Action-Not Available
Vendor-hammadhhammadh
Product-play.htPlay.ht – Make Your Blog Posts Accessible With Text to Speech Audio
CWE ID-CWE-862
Missing Authorization
CVE-2025-23440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.08% / 23.06%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability

Missing Authorization vulnerability in radicaldesigns radSLIDE radslide allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects radSLIDE: from n/a through <= 2.1.

Action-Not Available
Vendor-radicaldesigns
Product-radSLIDE
CWE ID-CWE-862
Missing Authorization
CVE-2022-40203
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:08
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5.

Action-Not Available
Vendor-AlgolPlus
Product-advanced_dynamic_pricing_for_woocommerceAdvanced Dynamic Pricing for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-1325
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.42%
||
7 Day CHG~0.00%
Published-08 Mar, 2025 | 09:22
Updated-08 Apr, 2026 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Exeuction

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to arbitrary shortcode execution due to a missing capability check on the 'rcl_preview_post' AJAX endpoint in all versions up to, and including, 16.26.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

Action-Not Available
Vendor-plechevandreywppost
Product-wp-recallWP-Recall – Registration, Profile, Commerce & More
CWE ID-CWE-862
Missing Authorization
CVE-2022-36352
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.3||MEDIUM
EPSS-0.24% / 47.50%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 21:50
Updated-28 Apr, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control

Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.

Action-Not Available
Vendor-Metagauss Inc.
Product-profilegridProfileGrid – User Profiles, Memberships, Groups and Communities
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found