Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21748

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-08 Jun, 2024 | 16:14
Updated At-01 Aug, 2024 | 22:27
Rejected At-
Credits

WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:08 Jun, 2024 | 16:14
Updated At:01 Aug, 2024 | 22:27
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Affected Products
Vendor
Icegram
Product
Icegram
Collection URL
https://wordpress.org/plugins
Package Name
icegram
Default Status
unaffected
Versions
Affected
  • From n/a through 3.1.21 (custom)
    • -> unaffectedfrom3.1.22
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 3.1.22 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Huynh Tien Si (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:08 Jun, 2024 | 17:15
Updated At:17 Jul, 2024 | 19:59

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
icegram
icegram
>>icegram_express>>Versions before 3.1.22(exclusive)
cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

334Records found
CVE-2024-43273
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.

Action-Not Available
Vendor-icegram
Product-Icegram Collect
CWE ID-CWE-862
Missing Authorization
CVE-2024-39625
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.64%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.

Action-Not Available
Vendor-icegramicegram
Product-Icegramicegram
CWE ID-CWE-862
Missing Authorization
CVE-2019-19985
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-86.72% / 99.38%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 02:25
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.

Action-Not Available
Vendor-icegramn/a
Product-email_subscribers_\&_newslettersn/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-5703
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 49.74%
||
7 Day CHG+0.15%
Published-17 Jul, 2024 | 07:32
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized API access due to a missing capability check in all versions up to, and including, 5.7.26. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access the API (provided it is enabled) and add, edit, and delete audience users.

Action-Not Available
Vendor-icegramicegram
Product-email_subscribers_\&_newslettersEmail Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-47527
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.06% / 16.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 15:54
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Icegram Icegram Collect – Easy Form, Lead Collection and Subscription plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect – Easy Form, Lead Collection and Subscription plugin: from n/a through 1.3.18.

Action-Not Available
Vendor-Icegram
Product-Icegram Collect – Easy Form, Lead Collection and Subscription plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-8771
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 15:30
Updated-10 Jul, 2025 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.

Action-Not Available
Vendor-icegramicegram
Product-email_subscribers_\&_newslettersEmail Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31352
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.55%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:23
Updated-25 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13.

Action-Not Available
Vendor-icegram
Product-email_subscribers_\&_newslettersEmail Subscribers & Newsletters
CWE ID-CWE-862
Missing Authorization
CVE-2024-56234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:25
Updated-31 Dec, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1.

Action-Not Available
Vendor-VW THEMES
Product-VW Automobile Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-56244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.31%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Ashe Extra
CWE ID-CWE-862
Missing Authorization
CVE-2024-55072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.06%
||
7 Day CHG-0.02%
Published-27 Mar, 2025 | 00:00
Updated-30 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

Action-Not Available
Vendor-mealien/a
Product-mealien/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-5489
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.35%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 11:33
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wbcom Designs - Custom Font Uploader <= 2.3.4 - Missing Authorization to Font Deletion

The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfu_delete_customfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete any custom font.

Action-Not Available
Vendor-wbcomdesignswbcomdesigns
Product-custom_font_uploaderWbcom Designs – Custom Font Uploader
CWE ID-CWE-862
Missing Authorization
CVE-2024-55876
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.71%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 18:59
Updated-30 Apr, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-55998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.94%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:13
Updated-16 Dec, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability

Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36.

Action-Not Available
Vendor-dusthazard
Product-Popup Surveys & Polls for WordPress (Mare.io)
CWE ID-CWE-862
Missing Authorization
CVE-2024-54679
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.88% / 74.41%
||
7 Day CHG+0.05%
Published-05 Dec, 2024 | 00:00
Updated-06 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-54311
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.94%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:25
Updated-13 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1.

Action-Not Available
Vendor-i.lychkov
Product-Mark New Posts
CWE ID-CWE-862
Missing Authorization
CVE-2024-50423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG+0.02%
Published-29 Oct, 2024 | 21:26
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.

Action-Not Available
Vendor-Templately
Product-Templately
CWE ID-CWE-862
Missing Authorization
CVE-2023-47187
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-03 Jan, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Animated Rotating Words plugin <= 5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through 5.4.

Action-Not Available
Vendor-Labib Ahmed
Product-Animated Rotating Words
CWE ID-CWE-862
Missing Authorization
CVE-2024-44117
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.73%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 04:25
Updated-10 Sep, 2024 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-43962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 42.02%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LWS Affiliation: from n/a through 2.3.4.

Action-Not Available
Vendor-lwsLWS
Product-affiliationLWS Affiliation
CWE ID-CWE-862
Missing Authorization
CVE-2024-4410
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-27 Jul, 2024 | 01:51
Updated-01 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization

The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.

Action-Not Available
Vendor-ignitionwp
Product-IgnitionDeck Crowdfunding Platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-43118
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.04%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-15 May, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hummingbird: from n/a through 3.9.1.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2024-43332
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.04%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0.

Action-Not Available
Vendor-meowappsJordy Meow
Product-photo_enginePhoto Engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-43326
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.70%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 19:25
Updated-20 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Jamie Bergen Plugin Notes Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Plugin Notes Plus: from n/a through 1.2.7.

Action-Not Available
Vendor-Jamie Bergen
Product-Plugin Notes Plus
CWE ID-CWE-862
Missing Authorization
CVE-2024-39635
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 47.82%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 May, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Youzify plugin <= 1.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in KaineLabs Youzify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youzify: from n/a through 1.2.6.

Action-Not Available
Vendor-kainelabsKaineLabs
Product-youzifyYouzify
CWE ID-CWE-862
Missing Authorization
CVE-2024-38740
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Packlink PRO shipping module plugin <= 3.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Packlink Shipping S.L. Packlink PRO shipping module allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Packlink PRO shipping module: from n/a through 3.4.6.

Action-Not Available
Vendor-Packlink Shipping S.L.
Product-Packlink PRO shipping module
CWE ID-CWE-862
Missing Authorization
CVE-2023-47225
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 30.63%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8.

Action-Not Available
Vendor-KaizenCoders
Product-Short URL
CWE ID-CWE-862
Missing Authorization
CVE-2024-38733
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Meks Meks Video Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meks Video Importer: from n/a through 1.0.12.

Action-Not Available
Vendor-Meks
Product-Meks Video Importer
CWE ID-CWE-862
Missing Authorization
CVE-2023-45272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 14.12%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:53
Updated-06 Mar, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability

Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)
Product-map_builder_for_google_maps10Web Map Builder for Google Maps
CWE ID-CWE-862
Missing Authorization
CVE-2024-37542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-06 Jul, 2024 | 12:40
Updated-20 Aug, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Action-Not Available
Vendor-WpDevArt
Product-galleryResponsive Image Gallery, Gallery Album
CWE ID-CWE-862
Missing Authorization
CVE-2023-45631
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.71%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-21 Mar, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

Action-Not Available
Vendor-WpDevArt
Product-galleryResponsive Image Gallery, Gallery Album
CWE ID-CWE-862
Missing Authorization
CVE-2023-0713
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.03% / 7.12%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 21:05
Updated-07 Nov, 2023 | 04:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

Action-Not Available
Vendor-wickedpluginswickedplugins
Product-wicked_foldersWicked Folders
CWE ID-CWE-862
Missing Authorization
CVE-2024-37176
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 26.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 02:14
Updated-09 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP BW/4HANA Transformation and DTP

SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-bw\/4hanaSAP BW/4HANA Transformation and Data Transfer Processsap_bwsap_bw_4hana
CWE ID-CWE-862
Missing Authorization
CVE-2024-37439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a through 4.1.4.0

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Toolkit Pro for LearnDashuncanny_toolkit_pro_for_learndash
CWE ID-CWE-862
Missing Authorization
CVE-2024-37207
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.

Action-Not Available
Vendor-Theme4Press
Product-Demo Awesome
CWE ID-CWE-862
Missing Authorization
CVE-2024-37425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.91%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.

Action-Not Available
Vendor-Automattic Inc.
Product-Newspack Blocks
CWE ID-CWE-862
Missing Authorization
CVE-2023-45101
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 14.20%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-05 Feb, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.

Action-Not Available
Vendor-cusrevCusRev
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-3627
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.70%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 02:08
Updated-01 Aug, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints

The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings.

Action-Not Available
Vendor-kraftpluginskraftplugins
Product-wheel_of_lifeWheel of Life: Coaching and Assessment Tool for Life Coach
CWE ID-CWE-862
Missing Authorization
CVE-2024-35663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 29.15%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:17
Updated-09 Aug, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.

Action-Not Available
Vendor-HahnCreativeGroup
Product-WP Translate
CWE ID-CWE-862
Missing Authorization
CVE-2024-3607
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.69%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-04 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_key_date() function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts

Action-Not Available
Vendor-wp-property-hivepropertyhive
Product-propertyhivePropertyHive
CWE ID-CWE-862
Missing Authorization
CVE-2024-34804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.07%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:23
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8.

Action-Not Available
Vendor-Tagembed
Product-Tagembed
CWE ID-CWE-862
Missing Authorization
CVE-2024-34815
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:18
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.5.

Action-Not Available
Vendor-Codectionwebtoffee
Product-Import and export users and customersimport_and_export_users_and_customers
CWE ID-CWE-862
Missing Authorization
CVE-2023-45636
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.82%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 11:59
Updated-06 Jan, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1.

Action-Not Available
Vendor-WebToffee
Product-WordPress Backup & Migration
CWE ID-CWE-862
Missing Authorization
CVE-2024-33572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.21% / 43.77%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:00
Updated-26 Nov, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress The Plus Blocks for Block Editor | Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH The Plus Blocks for Block Editor | Gutenberg.This issue affects The Plus Blocks for Block Editor | Gutenberg: from n/a through 3.2.5.

Action-Not Available
Vendor-posimythPOSIMYTH
Product-nexter_blocksThe Plus Blocks for Block Editor | Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2024-33573
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.81%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 13:38
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in EPROLO EPROLO Dropshipping.This issue affects EPROLO Dropshipping: from n/a through 1.7.1.

Action-Not Available
Vendor-EPROLO
Product-EPROLO Dropshipping
CWE ID-CWE-862
Missing Authorization
CVE-2024-32797
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.24%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:53
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP LinkedIn Auto Publish plugin <= 8.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Martin Gibson WP LinkedIn Auto Publish.This issue affects WP LinkedIn Auto Publish: from n/a through 8.11.

Action-Not Available
Vendor-Martin Gibson
Product-WP LinkedIn Auto Publish
CWE ID-CWE-862
Missing Authorization
CVE-2024-32804
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:49
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP GoToWebinar plugin <= 14.46 - Broken Access Control vulnerability

Missing Authorization vulnerability in Martin Gibson WP GoToWebinar.This issue affects WP GoToWebinar: from n/a through 14.46.

Action-Not Available
Vendor-Martin Gibson
Product-WP GoToWebinar
CWE ID-CWE-862
Missing Authorization
CVE-2023-46196
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.35%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability

Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97.

Action-Not Available
Vendor-Repuso
Product-Social proof testimonials and reviews by Repuso
CWE ID-CWE-862
Missing Authorization
CVE-2024-32713
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 17:08
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Post Generator | AutoWriter plugin <= 3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in AutoWriter AI Post Generator | AutoWriter.This issue affects AI Post Generator | AutoWriter: from n/a through 3.3.

Action-Not Available
Vendor-autowriterAutoWriter
Product-ai_post_generator_\|_autowriterAI Post Generator | AutoWriter
CWE ID-CWE-862
Missing Authorization
CVE-2024-32821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:16
Updated-09 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9.

Action-Not Available
Vendor-TotalSuite
Product-Total Poll Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-32824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:14
Updated-26 Feb, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Evergreen Content Poster.This issue affects Evergreen Content Poster: from n/a through 1.4.2.

Action-Not Available
Vendor-evergreencontentposterEvergreen Content Poster
Product-evergreen_content_posterEvergreen Content Poster
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 6
  • 7
  • Next
Details not found