ByteOS Network

Vulnerability Details :

CVE-2024-21748

Summary

Assigner-Patchstack

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-08 Jun, 2024 | 16:14

Updated At-01 Aug, 2024 | 22:27

WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:08 Jun, 2024 | 16:14

Updated At:01 Aug, 2024 | 22:27

▼CVE Numbering Authority (CNA)

WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Affected Products

Vendor

Icegram

Product

Icegram

Collection URL

https://wordpress.org/plugins

Package Name

icegram

Default Status

unaffected

Versions

Affected

From n/a through 3.1.21 (custom)
- -> unaffectedfrom3.1.22

Problem Types

Type	CWE ID	Description
CWE	CWE-862	CWE-862 Missing Authorization

Type: CWE

CWE ID: CWE-862

Description: CWE-862 Missing Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Solutions

Update to 3.1.22 or a higher version.

Credits

finder

Huynh Tien Si (Patchstack Alliance)

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

1. CISA ADP Vulnrichment

Metrics Other Info

2. CVE Program Container

References

Hyperlink	Resource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve	vdb-entry x_transferred

Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve

Resource:

vdb-entry

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:08 Jun, 2024 | 17:15

Updated At:17 Jul, 2024 | 19:59

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CPE Matches

icegram>>icegram_express>>Versions before 3.1.22(exclusive)

cpe:2.3:a:icegram:icegram_express:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-862	Primary	audit@patchstack.com

CWE ID: CWE-862

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve	audit@patchstack.com	Third Party Advisory

Hyperlink: https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-20-broken-access-control-vulnerability?_s_id=cve

Source: audit@patchstack.com

Resource:

Third Party Advisory

Similar CVEs

335Records found

CVE-2025-54695

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 10.85%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 10:34

Updated-14 Aug, 2025 | 14:41

WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0.

Vendor-HasTech

Product-HT Mega

CWE ID-CWE-862

Missing Authorization

CVE-2025-54705

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.04% / 10.85%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 10:34

Updated-14 Aug, 2025 | 14:08

WordPress WpEvently Plugin plugin <= 4.4.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6.

Vendor-MagePeople

Product-WpEvently

CWE ID-CWE-862

Missing Authorization

CVE-2020-6233

Matching Score-4

Assigner-SAP SE

View Details

Matching Score-4

Assigner-SAP SE

CVSS Score-4.3||MEDIUM

EPSS-0.22% / 45.13%

7 Day CHG~0.00%

Published-14 Apr, 2020 | 18:34

Updated-04 Aug, 2024 | 08:55

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

Vendor-SAP SE

Product-banking_services_from_sap s\/4hana_financial_products_subledger SAP S/4 HANA (Financial Products Subledger and Banking Services) (S4FPSL)SAP S/4 HANA (Financial Products Subledger and Banking Services) (FSAPPL)

CWE ID-CWE-862

Missing Authorization

CVE-2023-41671

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.14% / 34.98%

7 Day CHG~0.00%

Published-13 Dec, 2024 | 14:24

Updated-13 Dec, 2024 | 18:50

WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability

Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1.

Vendor-Tyche Softwares

Product-Abandoned Cart Lite for WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-53266

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 13.34%

7 Day CHG~0.00%

Published-27 Jun, 2025 | 13:21

Updated-30 Jun, 2025 | 18:38

WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in EdwardBock Cron Logger allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cron Logger: from n/a through 1.3.0.

Vendor-EdwardBock

Product-Cron Logger

CWE ID-CWE-862

Missing Authorization

CVE-2025-53221

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.04% / 10.85%

7 Day CHG~0.00%

Published-14 Aug, 2025 | 18:22

Updated-15 Aug, 2025 | 13:12

WordPress CodeablePress Plugin <= 1.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0.

Vendor-codeablepress

Product-CodeablePress

CWE ID-CWE-862

Missing Authorization

CVE-2025-50009

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG+0.01%

Published-20 Jun, 2025 | 15:04

Updated-23 Jun, 2025 | 20:16

WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3.

Vendor-Climax Themes

Product-Kata Plus

CWE ID-CWE-862

Missing Authorization

CVE-2025-49969

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG+0.01%

Published-20 Jun, 2025 | 15:04

Updated-23 Jun, 2025 | 20:57

WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2.

Vendor-Zara 4

Product-Zara 4 Image Compression

CWE ID-CWE-862

Missing Authorization

CVE-2025-49998

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG+0.01%

Published-20 Jun, 2025 | 15:04

Updated-23 Jun, 2025 | 20:16

WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5.

Vendor-Wetail

Product-WooCommerce Fortnox Integration

CWE ID-CWE-862

Missing Authorization

CVE-2023-41870

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.40% / 59.67%

7 Day CHG~0.00%

Published-13 Dec, 2024 | 14:24

Updated-11 Feb, 2025 | 14:16

WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.

Vendor-Themeum

Product-wp_crowdfunding WP Crowdfunding

CWE ID-CWE-862

Missing Authorization

CVE-2025-50008

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG+0.01%

Published-20 Jun, 2025 | 15:04

Updated-23 Jun, 2025 | 20:16

WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through 1.2.4.5.

Vendor-cscode

Product-WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily

CWE ID-CWE-862

Missing Authorization

CVE-2025-48335

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-06 Jun, 2025 | 11:38

Updated-06 Jun, 2025 | 15:04

WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.

Vendor-CyberChimps Inc.

Product-Responsive Plus

CWE ID-CWE-862

Missing Authorization

CVE-2025-48138

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.06% / 18.28%

7 Day CHG~0.00%

Published-16 May, 2025 | 15:45

Updated-30 May, 2025 | 15:19

WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BERTHA AI: from n/a through 1.12.11.

Vendor-bertha berthaai

Product-bertha_ai BERTHA AI

CWE ID-CWE-862

Missing Authorization

CVE-2025-48262

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-19 May, 2025 | 14:45

Updated-21 May, 2025 | 20:25

WordPress Url Rewrite Analyzer <= 1.3.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Michael Revellin-Clerc Url Rewrite Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Url Rewrite Analyzer: from n/a through 1.3.3.

Vendor-Michael Revellin-Clerc

Product-Url Rewrite Analyzer

CWE ID-CWE-862

Missing Authorization

CVE-2025-48246

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-19 May, 2025 | 14:44

Updated-21 May, 2025 | 20:25

WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through 6.11.2.1.

Vendor-The Events Calendar

Product-The Events Calendar

CWE ID-CWE-862

Missing Authorization

CVE-2025-46535

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG+0.02%

Published-25 Apr, 2025 | 08:05

Updated-29 Apr, 2025 | 13:52

WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login and Registration: from n/a through 1.0.0.

Vendor-AlphaEfficiencyTeam

Product-Custom Login and Registration

CWE ID-CWE-862

Missing Authorization

CVE-2025-47556

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-16 May, 2025 | 15:45

Updated-19 May, 2025 | 13:35

WordPress CSS3 Compare Pricing Tables for WordPress <= 11.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Pricing Tables for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Compare Pricing Tables for WordPress: from n/a through 11.5.

Vendor-QuanticaLabs

Product-CSS3 Compare Pricing Tables for WordPress

CWE ID-CWE-862

Missing Authorization

CVE-2025-47469

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:19

Updated-08 May, 2025 | 14:39

WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.0.

Vendor-slui

Product-Media Hygiene

CWE ID-CWE-862

Missing Authorization

CVE-2025-47580

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 19.34%

7 Day CHG~0.00%

Published-15 May, 2025 | 17:07

Updated-12 Aug, 2025 | 02:01

WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability

Missing Authorization vulnerability in Rustaurius Front End Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Front End Users: from n/a through 3.2.32.

Vendor-etoilewebdesign Rustaurius

Product-front_end_users Front End Users

CWE ID-CWE-862

Missing Authorization

CVE-2025-47628

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 18.28%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:20

Updated-12 May, 2025 | 20:11

WordPress QS Dark Mode <= 3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0.

Vendor-quomodosoft quomodosoft

Product-qs_dark_mode QS Dark Mode

CWE ID-CWE-862

Missing Authorization

CVE-2025-47612

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 18.28%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:20

Updated-23 May, 2025 | 12:23

WordPress ClickWhale <= 2.4.6 - Broken Access Control Vulnerability

Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6.

Vendor-flowdee flowdee

Product-clickwhale ClickWhale

CWE ID-CWE-862

Missing Authorization

CVE-2025-47480

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:19

Updated-08 May, 2025 | 14:39

WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4.

Vendor-Iqonic Design

Product-Graphina

CWE ID-CWE-862

Missing Authorization

CVE-2025-47472

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:19

Updated-08 May, 2025 | 14:39

WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1.

Vendor-CodePeople

Product-Music Player for WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-47602

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:20

Updated-08 May, 2025 | 14:39

WordPress Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ammarahmad786 Calculate Prices based on Distance For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Calculate Prices based on Distance For WooCommerce: from n/a through 1.3.5.

Vendor-ammarahmad786

Product-Calculate Prices based on Distance For WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-47591

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:20

Updated-08 May, 2025 | 14:39

WordPress Bulk Featured Image <= 1.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in CreedAlly Bulk Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Featured Image: from n/a through 1.2.1.

Vendor-CreedAlly

Product-Bulk Featured Image

CWE ID-CWE-862

Missing Authorization

CVE-2025-47526

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-07 May, 2025 | 14:20

Updated-08 May, 2025 | 14:39

WordPress GS Variation Swatches for WooCommerce <= 3.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Variation Swatches for WooCommerce: from n/a through 3.0.4.

Vendor-GS Plugins

Product-GS Variation Swatches for WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-46259

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.34%

7 Day CHG~0.00%

Published-01 Jul, 2025 | 19:10

Updated-03 Jul, 2025 | 15:14

WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.

Vendor-POSIMYTH Innovation

Product-The Plus Addons for Elementor Pro

CWE ID-CWE-862

Missing Authorization

CVE-2025-4520

Matching Score-4

Assigner-Wordfence

View Details

Matching Score-4

Assigner-Wordfence

CVSS Score-5.4||MEDIUM

EPSS-0.03% / 7.43%

7 Day CHG~0.00%

Published-14 May, 2025 | 02:23

Updated-12 Aug, 2025 | 01:55

Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.

Vendor-Uncanny Owl Inc.

Product-uncanny_automator Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

CWE ID-CWE-862

Missing Authorization

CVE-2025-39545

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.10% / 27.52%

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:44

Updated-16 Apr, 2025 | 13:43

WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3.

Vendor-miniOrange

Product-WordPress REST API Authentication

CWE ID-CWE-862

Missing Authorization

CVE-2022-41695

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 12.20%

7 Day CHG~0.00%

Published-17 Jan, 2024 | 17:09

Updated-17 Jun, 2025 | 14:18

WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control

Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5.

Vendor-sedlex SedLex

Product-traffic_manager Traffic Manager

CWE ID-CWE-862

Missing Authorization

CVE-2025-39560

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:44

Updated-16 Apr, 2025 | 15:04

WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4.

Vendor-Shahjada

Product-Live Forms

CWE ID-CWE-862

Missing Authorization

CVE-2025-39591

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:44

Updated-16 Apr, 2025 | 14:31

WordPress WP Subscription Forms <= 1.2.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3.

Vendor-WP Shuffle

Product-WP Subscription Forms

CWE ID-CWE-862

Missing Authorization

CVE-2025-39522

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:45

Updated-16 Apr, 2025 | 13:25

WordPress Dynamic Post <= 4.10 - Settings Change Vulnerability

Missing Authorization vulnerability in Sebastian Lee Dynamic Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through 4.10.

Vendor-Sebastian Lee

Product-Dynamic Post

CWE ID-CWE-862

Missing Authorization

CVE-2023-40011

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.07%

7 Day CHG~0.00%

Published-13 Dec, 2024 | 14:24

Updated-13 Dec, 2024 | 19:02

WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42.

Vendor-StylemixThemes

Product-Cost Calculator Builder

CWE ID-CWE-862

Missing Authorization

CVE-2025-3702

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.34%

7 Day CHG~0.00%

Published-03 Jul, 2025 | 12:14

Updated-09 Jul, 2025 | 15:26

WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a before 2.2.0.

Vendor-melapress Melapress

Product-melapress_file_monitor Melapress File Monitor

CWE ID-CWE-862

Missing Authorization

CVE-2025-32218

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-04 Apr, 2025 | 15:59

Updated-07 Apr, 2025 | 16:39

WordPress TableOn – WordPress Posts Table Filterable Plugin <= 1.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4.

Vendor-PluginUs.Net (RealMag777)

Product-TableOn – WordPress Posts Table Filterable

CWE ID-CWE-862

Missing Authorization

CVE-2025-31923

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.35%

7 Day CHG~0.00%

Published-16 May, 2025 | 15:45

Updated-19 May, 2025 | 13:35

WordPress CSS3 Accordions for WordPress <= 3.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.

Vendor-QuanticaLabs

Product-CSS3 Accordions for WordPress

CWE ID-CWE-862

Missing Authorization

CVE-2025-31794

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-03 Apr, 2025 | 13:27

Updated-07 Apr, 2025 | 14:18

WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.

Vendor-Web Ready Now

Product-WR Price List Manager For Woocommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-31881

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 12.71%

7 Day CHG-0.02%

Published-01 Apr, 2025 | 14:52

Updated-01 Apr, 2025 | 20:26

WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stylemix Pearl allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pearl: from n/a through 1.3.9.

Vendor-Stylemix

Product-Pearl

CWE ID-CWE-862

Missing Authorization

CVE-2025-31816

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-01 Apr, 2025 | 14:51

Updated-01 Apr, 2025 | 20:26

WordPress Mobile App Canvas Plugin <= 3.8.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in pietro Mobile App Canvas allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile App Canvas: from n/a through 3.8.1.

Vendor-pietro

Product-Mobile App Canvas

CWE ID-CWE-862

Missing Authorization

CVE-2025-32178

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-04 Apr, 2025 | 15:59

Updated-07 Apr, 2025 | 14:18

WordPress 6Storage Rentals Plugin <= 2.18.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.18.0.

Vendor-6Storage

Product-6Storage Rentals

CWE ID-CWE-862

Missing Authorization

CVE-2025-32221

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-10 Apr, 2025 | 08:09

Updated-11 Apr, 2025 | 15:39

WordPress EazyDocs plugin <= 2.6.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Spider Themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EazyDocs: from n/a through 2.6.4.

Vendor-Spider Themes

Product-EazyDocs

CWE ID-CWE-862

Missing Authorization

CVE-2025-31854

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-0.04% / 12.71%

7 Day CHG-0.02%

Published-01 Apr, 2025 | 14:52

Updated-01 Apr, 2025 | 20:26

WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sharaz Shahid Simple Sticky Add To Cart For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Sticky Add To Cart For WooCommerce: from n/a through 1.4.5.

Vendor-Sharaz Shahid

Product-Simple Sticky Add To Cart For WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2025-31791

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 12.71%

7 Day CHG-0.02%

Published-01 Apr, 2025 | 14:51

Updated-01 Apr, 2025 | 20:26

WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Oliver Boyers Pin Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pin Generator: from n/a through 2.0.0.

Vendor-Oliver Boyers

Product-Pin Generator

CWE ID-CWE-862

Missing Authorization

CVE-2025-32246

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-04 Apr, 2025 | 15:59

Updated-07 Apr, 2025 | 14:18

WordPress 1-Click Backup & Restore Database <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through 1.0.3.

Vendor-Tim Nguyen

Product-1-Click Backup & Restore Database

CWE ID-CWE-862

Missing Authorization

CVE-2025-31782

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-01 Apr, 2025 | 14:51

Updated-01 Apr, 2025 | 20:26

WordPress mb.YTPlayer plugin <= 3.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in pupunzi mb.YTPlayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects mb.YTPlayer: from n/a through 3.3.8.

Vendor-pupunzi

Product-mb.YTPlayer

CWE ID-CWE-862

Missing Authorization

CVE-2025-32217

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-04 Apr, 2025 | 15:59

Updated-07 Apr, 2025 | 16:39

WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.

Vendor-WP Messiah

Product-Ai Image Alt Text Generator for WP

CWE ID-CWE-862

Missing Authorization

CVE-2025-31826

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 12.71%

7 Day CHG-0.02%

Published-01 Apr, 2025 | 14:51

Updated-01 Apr, 2025 | 20:26

WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.

Vendor-Anzar Ahmed

Product-Ni WooCommerce Cost Of Goods

CWE ID-CWE-862

Missing Authorization

CVE-2025-32219

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.07% / 21.46%

7 Day CHG~0.00%

Published-04 Apr, 2025 | 15:59

Updated-07 Apr, 2025 | 14:18

WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syntactics, Inc. eaSYNC allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eaSYNC: from n/a through 1.3.19.

Vendor-Syntactics, Inc.

Product-eaSYNC

CWE ID-CWE-862

Missing Authorization

CVE-2025-31879

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.04% / 12.71%

7 Day CHG-0.02%

Published-01 Apr, 2025 | 14:52

Updated-01 Apr, 2025 | 20:26

WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerability

Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.

Vendor-Dmitry V. (CEO of "UKR Solution")

Product-Barcode Generator for WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2024-21748

Credits

WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs