Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-24711

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-26 Mar, 2024 | 11:43
Updated At-02 Aug, 2024 | 16:07
Rejected At-
Credits

WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:26 Mar, 2024 | 11:43
Updated At:02 Aug, 2024 | 16:07
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

Affected Products
Vendor
weDevs Pte. Ltd.weDevs
Product
WooCommerce Conversion Tracking
Collection URL
https://wordpress.org/plugins
Package Name
woocommerce-conversion-tracking
Default Status
unaffected
Versions
Affected
  • From n/a through 2.0.11 (custom)
    • -> unaffectedfrom2.0.12
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 2.0.12 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Abdi Pranata (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
weDevs Pte. Ltd.wedevs
Product
woocommerce_conversion_tracking
CPEs
  • cpe:2.3:a:wedevs:woocommerce_conversion_tracking:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 2.0.11 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:26 Mar, 2024 | 12:15
Updated At:26 Mar, 2024 | 12:55

Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

804Records found
CVE-2023-33998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.09%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5.

Action-Not Available
Vendor-cybernetikz
Product-Easy Social Icons
CWE ID-CWE-862
Missing Authorization
CVE-2025-29001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.

Action-Not Available
Vendor-ZoomIt
Product-WooCommerce Shop Page Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-34803
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.42%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 10:18
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.

Action-Not Available
Vendor-Fastly
Product-Fastly
CWE ID-CWE-862
Missing Authorization
CVE-2025-29007
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 08:42
Updated-08 Jul, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in LMSACE LMSACE Connect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LMSACE Connect: from n/a through 3.4.

Action-Not Available
Vendor-LMSACE
Product-LMSACE Connect
CWE ID-CWE-862
Missing Authorization
CVE-2024-13424
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.91%
||
7 Day CHG~0.00%
Published-31 Jan, 2025 | 05:22
Updated-31 Jan, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update

The Ni Sales Commission For WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'niwoosc_ajax' AJAX endpoint in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and modify commission amounts.

Action-Not Available
Vendor-anzia
Product-Ni Sales Commission For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-29010
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Behance Portfolio Manager <= 1.7.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.

Action-Not Available
Vendor-eleopard
Product-Behance Portfolio Manager
CWE ID-CWE-862
Missing Authorization
CVE-2025-28996
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.

Action-Not Available
Vendor-Thad Allender
Product-GPP Slideshow
CWE ID-CWE-862
Missing Authorization
CVE-2024-12614
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 09:39
Updated-17 Jan, 2025 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords.

Action-Not Available
Vendor-hirewebxpertscoder426
Product-passwords_managerPasswords Manager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-862
Missing Authorization
CVE-2024-12855
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 08:18
Updated-12 Aug, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.

Action-Not Available
Vendor-ScriptsBundle
Product-adforestAdForest
CWE ID-CWE-862
Missing Authorization
CVE-2023-33922
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.37%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:17
Updated-07 Aug, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder.This issue affects Elementor Website Builder: from n/a through 3.13.2.

Action-Not Available
Vendor-elementorElementor
Product-website_builderElementor Website Builder
CWE ID-CWE-862
Missing Authorization
CVE-2023-33995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.13%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Photo Gallery by 10Web
CWE ID-CWE-862
Missing Authorization
CVE-2025-28994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:54
Updated-06 Jun, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.

Action-Not Available
Vendor-viralloops
Product-Viral Loops WP Integration
CWE ID-CWE-862
Missing Authorization
CVE-2024-13335
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 11:07
Updated-05 Feb, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spexo Theme Install

The Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the tmpcoder_theme_install_func() function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install a theme.

Action-Not Available
Vendor-templatescodertemplatescoderthemes
Product-spexo_addons_for_elementorSpexo Addons for Elementor – Free Elementor Addons, Widgets and Templates
CWE ID-CWE-862
Missing Authorization
CVE-2025-26367
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:29
Updated-10 Apr, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests.

Action-Not Available
Vendor-Q-Free
Product-maxtimeMaxTime
CWE ID-CWE-862
Missing Authorization
CVE-2024-12826
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.12%
||
7 Day CHG+0.01%
Published-25 Jan, 2025 | 07:24
Updated-27 Jan, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unuthenticated Settings Update

The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() function in all versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to update limited plugin settings.

Action-Not Available
Vendor-nmedia
Product-GoHero Store Customizer for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-34379
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 16:12
Updated-23 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control

Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.

Action-Not Available
Vendor-magneticoneMagneticOne
Product-magento_to_woocommerce_migrationCart2Cart: Magento to WooCommerce Migration
CWE ID-CWE-862
Missing Authorization
CVE-2025-26871
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.39%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 14:17
Updated-10 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.

Action-Not Available
Vendor-WPDeveloper
Product-essential_blocksEssential Blocks for Gutenberg
CWE ID-CWE-862
Missing Authorization
CVE-2024-12618
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 11:10
Updated-09 Jan, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset

The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles.

Action-Not Available
Vendor-newsletter2go
Product-Newsletter2Go
CWE ID-CWE-862
Missing Authorization
CVE-2024-12879
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 05:23
Updated-12 Feb, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'qc_wp_latest_update_check_pro' function in all versions up to, and including, 13.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create Simple Text Responses to chat queries.

Action-Not Available
Vendor-quantumcloudQuantumCloud
Product-wpotWPBot Pro Wordpress Chatbot
CWE ID-CWE-862
Missing Authorization
CVE-2024-12606
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-10 Jan, 2025 | 03:21
Updated-10 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.

Action-Not Available
Vendor-opacewebdesign
Product-AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K)
CWE ID-CWE-862
Missing Authorization
CVE-2024-11844
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 20.32%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 08:32
Updated-05 Jun, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy.

Action-Not Available
Vendor-northernbeacheswebsitesnorthernbeacheswebsites
Product-ideapushIdeaPush
CWE ID-CWE-862
Missing Authorization
CVE-2024-11709
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.10%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 04:23
Updated-12 Dec, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AI Post Generator | AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion

The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary pages and posts.

Action-Not Available
Vendor-kekotron
Product-AI Post Generator | AutoWriter
CWE ID-CWE-862
Missing Authorization
CVE-2024-12210
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2024 | 05:23
Updated-24 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion

The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo.

Action-Not Available
Vendor-tychesoftwares
Product-Print Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-26656
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 00:35
Updated-11 Mar, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in S/4HANA (Manage Purchasing Info Records)

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-S/4HANA (Manage Purchasing Info Records)
CWE ID-CWE-862
Missing Authorization
CVE-2024-12431
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.13%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 20:30
Updated-05 Aug, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2024-11851
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 13.14%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 11:29
Updated-15 Jan, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.

Action-Not Available
Vendor-nitropack
Product-NitroPack – Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN
CWE ID-CWE-862
Missing Authorization
CVE-2025-24736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:25
Updated-09 Jun, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.

Action-Not Available
Vendor-metaphorcreationsMetaphor Creations
Product-post_duplicatorPost Duplicator
CWE ID-CWE-862
Missing Authorization
CVE-2025-24754
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 13:59
Updated-27 Jan, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.

Action-Not Available
Vendor-Houzez.co
Product-Houzez
CWE ID-CWE-862
Missing Authorization
CVE-2024-35723
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.54%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:50
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.

Action-Not Available
Vendor-arwebdesignAndrew Rapps
Product-dashboard_to-do_listDashboard To-Do List
CWE ID-CWE-862
Missing Authorization
CVE-2025-24653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.

Action-Not Available
Vendor-NotFound
Product-Admin and Site Enhancements (ASE) Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-24649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.

Action-Not Available
Vendor-wpase.com
Product-Admin and Site Enhancements (ASE)
CWE ID-CWE-862
Missing Authorization
CVE-2024-12341
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.68%
||
7 Day CHG+0.01%
Published-12 Dec, 2024 | 03:23
Updated-12 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Creation

The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins.

Action-Not Available
Vendor-mahendrapatidarmp
Product-Custom Skins Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2025-24753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:25
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kadence WP Gutenberg Blocks by Kadence Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutenberg Blocks by Kadence Blocks: from n/a through 3.3.1.

Action-Not Available
Vendor-Kadence WP
Product-gutenberg_blocks_with_aiGutenberg Blocks by Kadence Blocks
CWE ID-CWE-862
Missing Authorization
CVE-2024-12110
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-06 Dec, 2024 | 08:24
Updated-06 Dec, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation

The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.

Action-Not Available
Vendor-jerryscg
Product-Gold Addons for Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-12249
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.46%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 11:10
Updated-09 Jan, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection

The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings.

Action-Not Available
Vendor-samdani
Product-GS Insever Portfolio
CWE ID-CWE-862
Missing Authorization
CVE-2023-34009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF

Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1.

Action-Not Available
Vendor-Inisev
Product-Social Media & Share Icons
CWE ID-CWE-862
Missing Authorization
CVE-2025-24693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.

Action-Not Available
Vendor-Yehi
Product-Advanced Notifications
CWE ID-CWE-862
Missing Authorization
CVE-2024-12033
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 11:11
Updated-22 Jan, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries

Action-Not Available
Vendor-artbeesartbees
Product-jupiter_x_coreJupiter X Core
CWE ID-CWE-862
Missing Authorization
CVE-2024-12026
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.68%
||
7 Day CHG~0.00%
Published-07 Dec, 2024 | 01:45
Updated-09 Dec, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation

The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters.

Action-Not Available
Vendor-kofimokome
Product-Message Filter for Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2023-32574
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.01%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.

Action-Not Available
Vendor-Fahad Mahmood
Product-Injection Guard
CWE ID-CWE-862
Missing Authorization
CVE-2023-32586
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.56%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1.

Action-Not Available
Vendor-Thomas Michalak
Product-Soundcloud Is Gold
CWE ID-CWE-862
Missing Authorization
CVE-2025-24691
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC People Lists allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects People Lists: from n/a through 1.3.10.

Action-Not Available
Vendor-Gagan Sandhu , Enej Bajgoric , CTLT DEV, UBC
Product-People Lists
CWE ID-CWE-862
Missing Authorization
CVE-2025-24743
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:22
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.

Action-Not Available
Vendor-Rometheme
Product-RomethemeKit For Elementor
CWE ID-CWE-862
Missing Authorization
CVE-2025-54712
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.64%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7.

Action-Not Available
Vendor-hashthemes
Product-Easy Elementor Addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-33925
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.15%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:22
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0.

Action-Not Available
Vendor-Adrian Mörchen
Product-Embed Google Fonts
CWE ID-CWE-862
Missing Authorization
CVE-2023-32316
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 22:36
Updated-14 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Users can add themselves to any organization in CloudExplorer Lite

CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-FIT2CLOUD Inc.CloudExplorer Lite (FIT2CLOUD Inc.)
Product-cloudexplorerCloudExplorer-Lite
CWE ID-CWE-862
Missing Authorization
CVE-2025-24613
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.

Action-Not Available
Vendor-Foliovision
Product-FV Thoughtful Comments
CWE ID-CWE-862
Missing Authorization
CVE-2025-23962
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 17.79%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:08
Updated-17 Jan, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1.

Action-Not Available
Vendor-Goldstar
Product-Goldstar
CWE ID-CWE-862
Missing Authorization
CVE-2023-32519
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 27.56%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0.

Action-Not Available
Vendor-Webcodin
Product-WCP Contact Form
CWE ID-CWE-862
Missing Authorization
CVE-2025-24618
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.10%
||
7 Day CHG+0.01%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.

Action-Not Available
Vendor-ElementInvader
Product-ElementInvader Addons for Elementor
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 16
  • 17
  • Next
Details not found