Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-32951

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-24 Apr, 2024 | 06:59
Updated At-02 Aug, 2024 | 02:27
Rejected At-
Credits

WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:24 Apr, 2024 | 06:59
Updated At:02 Aug, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

Affected Products
Vendor
BloomPixel
Product
Max Addons Pro for Bricks
Default Status
unaffected
Versions
Affected
  • From n/a through 1.6.1 (custom)
    • -> unaffectedfrom1.6.2
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 1.6.2 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Dave Jong (Patchstack)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
WordPress.orgwordpress
Product
max_addons_pro_for_bricks
CPEs
  • cpe:2.3:a:wordpress:max_addons_pro_for_bricks:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • *
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:24 Apr, 2024 | 07:15
Updated At:24 Apr, 2024 | 13:39

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/max-addons-pro-bricks/wordpress-max-addons-pro-for-bricks-plugin-1-6-1-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

166Records found
CVE-2023-25454
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.03%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.

Action-Not Available
Vendor-Nate ReistWordPress.org
Product-Protected Posts Logout Buttonnate_reist_protected_posts_logout_button
CWE ID-CWE-862
Missing Authorization
CVE-2022-41698
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.74%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:13
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control

Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.

Action-Not Available
Vendor-LayeredWordPress.org
Product-If Menuadserve
CWE ID-CWE-862
Missing Authorization
CVE-2024-5382
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.76%
||
7 Day CHG-0.01%
Published-07 Jun, 2024 | 12:33
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.

Action-Not Available
Vendor-master-addonslitonice13WordPress.org
Product-master_addonsMaster Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementorfree_widgets_for_elementor_plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-1371
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.08%
||
7 Day CHG~0.00%
Published-30 Apr, 2024 | 02:35
Updated-01 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lc_public_api_proxy() function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-varunvairavanlcWordPress.org
Product-LeadConnectorleadconnector
CVE-2024-33929
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.31%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:21
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.

Action-Not Available
Vendor-wpWaxWordPress.org
Product-Directoristdirectorist
CWE ID-CWE-862
Missing Authorization
CVE-2024-33585
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 12:43
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.

Action-Not Available
Vendor-Tyche SoftwaresWordPress.org
Product-Payment Gateway Based Fees and Discounts for WooCommercepayment_gateway_based_fees_and_discounts_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-33566
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.89% / 74.58%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 07:58
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability

Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4.

Action-Not Available
Vendor-N-MediaWordPress.org
Product-OrderConvoorderconvo
CWE ID-CWE-862
Missing Authorization
CVE-2024-33576
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.38% / 58.60%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 19:23
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10.

Action-Not Available
Vendor-OllybachWordPress.org
Product-WPPizzawppizza
CWE ID-CWE-862
Missing Authorization
CVE-2024-32822
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.93%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 11:21
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.

Action-Not Available
Vendor-impleCodeWordPress.org
Product-Reviews Plusreviews_plus
CWE ID-CWE-862
Missing Authorization
CVE-2024-32601
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.83%
||
7 Day CHG~0.00%
Published-18 Apr, 2024 | 08:19
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Popup Anything.This issue affects Popup Anything: from n/a through 2.8.

Action-Not Available
Vendor-WP OnlineSupport, Essential PluginWordPress.org
Product-Popup Anythingpopup_anything
CWE ID-CWE-862
Missing Authorization
CVE-2020-28036
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.83% / 89.10%
||
7 Day CHG~0.00%
Published-31 Oct, 2020 | 00:59
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.orgFedora Project
Product-wordpressdebian_linuxfedoran/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-7381
Matching Score-6
Assigner-Wordfence
ShareView Details
Matching Score-6
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-1.04% / 76.52%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 11:00
Updated-06 Sep, 2024 | 10:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution

The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.

Action-Not Available
Vendor-infinitumformcreativformWordPress.org
Product-geo_controllerGeo Controllergeo_controller
CWE ID-CWE-862
Missing Authorization
CVE-2024-56001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.52%
||
7 Day CHG+0.01%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1.

Action-Not Available
Vendor-Ksher
Product-Ksher
CWE ID-CWE-862
Missing Authorization
CVE-2023-47180
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-03 Jan, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.

Action-Not Available
Vendor-XLPlugins
Product-Finale Lite
CWE ID-CWE-862
Missing Authorization
CVE-2021-4359
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.45%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfm_delete_file AJAX action. This makes it possible for unauthenticated attackers to delete any posts and pages on the site.

Action-Not Available
Vendor-najeebmedianmedia
Product-frontend_file_manager_pluginFrontend File Manager Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-43979
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-blockboosterBlockboosterblockbooster
CWE ID-CWE-862
Missing Authorization
CVE-2024-43980
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Fota WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fota WP: from n/a through 1.4.1.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-fotawpFota WPfotawp
CWE ID-CWE-862
Missing Authorization
CVE-2024-43939
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.43%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:06
Updated-10 Oct, 2024 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.

Action-Not Available
Vendor-zynithVIICTORY MEDIA LLCvictory_media_llc
Product-zynithZ Y N I T Hzynith
CWE ID-CWE-862
Missing Authorization
CVE-2024-43940
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.43%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:07
Updated-10 Oct, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.

Action-Not Available
Vendor-zynithVIICTORY MEDIA LLCvictory_media_llc
Product-zynithZ Y N I T Hzynith
CWE ID-CWE-862
Missing Authorization
CVE-2024-43998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-16.11% / 94.53%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.

Action-Not Available
Vendor-websiteinwpWebsiteinWPwebsiteinwp
Product-blogpoetBlogpoetblogpoet
CWE ID-CWE-862
Missing Authorization
CVE-2024-43974
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.59%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes ReviveNews allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviveNews: from n/a through 1.0.2.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-revivenewsReviveNewsrevivenews
CWE ID-CWE-862
Missing Authorization
CVE-2024-43341
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.24%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-13 Nov, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-hello_agencyHello Agencyhello_agency
CWE ID-CWE-862
Missing Authorization
CVE-2024-43209
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.85%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bitly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bitly: from n/a through 2.7.2.

Action-Not Available
Vendor-Bitlybitly
Product-Bitlybitly
CWE ID-CWE-862
Missing Authorization
CVE-2024-38771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.34%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.

Action-Not Available
Vendor-Atarimatarim
Product-Atarimatarim
CWE ID-CWE-862
Missing Authorization
CVE-2023-46644
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:00
Updated-02 Jan, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.

Action-Not Available
Vendor-WP CTA PRO
Product-WordPress CTA
CWE ID-CWE-862
Missing Authorization
CVE-2024-39640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.

Action-Not Available
Vendor-QuadLayersquadlayers
Product-WP Social Feed Gallerywp_social_feed_gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-35660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:56
Updated-26 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Themejeweltheme
Product-master_addonsMaster Addons for Elementormaster_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-33931
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.03%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:19
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

Action-Not Available
Vendor-ilGhera
Product-JW Player for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-33919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.01%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:31
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeKit For Elementorromethemekit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-34799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:35
Updated-20 Mar, 2025 | 11:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerability

Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.

Action-Not Available
Vendor-reputeinfosystemsRepute Infosystems
Product-bookingpressBookingPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-34820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.76%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:57
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.

Action-Not Available
Vendor-If So Plugin
Product-If-So Dynamic Content Personalization
CWE ID-CWE-862
Missing Authorization
CVE-2024-33944
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.74%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:26
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability

Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.

Action-Not Available
Vendor-Kestrelkestrel_woocommerce
Product-WooCommerce AWeber Newsletter Subscriptionawber_newsletter_subscription
CWE ID-CWE-862
Missing Authorization
CVE-2024-32677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.03%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:24
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.

Action-Not Available
Vendor-LoginPress
Product-LoginPress Pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-45633
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 14:52
Updated-03 Jan, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2.

Action-Not Available
Vendor-IDX
Product-IMPress Listings
CWE ID-CWE-862
Missing Authorization
CVE-2024-32675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.03%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:26
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.

Action-Not Available
Vendor-Xfinity Softxfinity_soft
Product-Order Limit for WooCommerceorder_limit_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31368
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.51%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 08:21
Updated-02 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.

Action-Not Available
Vendor-pencidesignPenciDesignpencidesign
Product-soledadSoledadsoledad
CWE ID-CWE-862
Missing Authorization
CVE-2024-32509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.74%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:43
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability

Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.

Action-Not Available
Vendor-Loopus
Product-WP Cost Estimation & Payment Forms Builder
CWE ID-CWE-862
Missing Authorization
CVE-2024-31284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.79%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:10
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPressembedpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-30534
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 09:03
Updated-02 Aug, 2024 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5.

Action-Not Available
Vendor-typpstypps
Product-calendaristaCalendarista Basic Edition
CWE ID-CWE-862
Missing Authorization
CVE-2024-30508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 14:17
Updated-11 Feb, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.

Action-Not Available
Vendor-ThimPress (PhysCode)
Product-wp_hotel_bookingWP Hotel Bookingwp_hotel_booking
CWE ID-CWE-862
Missing Authorization
CVE-2024-22156
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.54%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 12:28
Updated-02 Aug, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.

Action-Not Available
Vendor-SNP Digitalsnpdigital
Product-SalesKingsalesking_wordpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-1125
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.23%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 07:01
Updated-15 Jan, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-Metagauss Inc.
Product-eventprimeEventPrime – Events Calendar, Bookings and Tickets
CWE ID-CWE-862
Missing Authorization
CVE-2024-11069
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 39.11%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 07:35
Updated-23 Jan, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.

Action-Not Available
Vendor-welaunchwelaunchwelaunch
Product-wordpress_gdprWordPress GDPRwordpress_gdpr\&ccpa
CWE ID-CWE-862
Missing Authorization
CVE-2024-10294
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.70%
||
7 Day CHG+0.03%
Published-09 Nov, 2024 | 02:32
Updated-29 Jan, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change

The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings.

Action-Not Available
Vendor-ce21CE21, LLC.
Product-ce21_suiteCE21 Suitece21-suite
CWE ID-CWE-862
Missing Authorization
CVE-2023-41651
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 08:56
Updated-02 Aug, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability

Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26.

Action-Not Available
Vendor-Multi-Column Tag Map
Product-Multi-column Tag Mapmulti-column_tag_map
CWE ID-CWE-862
Missing Authorization
CVE-2023-41649
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.52%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:24
Updated-13 Dec, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2.

Action-Not Available
Vendor-Ovic Team
Product-Ovic Product Bundle
CWE ID-CWE-862
Missing Authorization
CVE-2019-25139
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.53%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

Action-Not Available
Vendor-wpshopmartwpshopmart
Product-coming_soon_page_\&_maintenance_modeComing Soon Page & Maintenance Mode
CWE ID-CWE-862
Missing Authorization
CVE-2023-6637
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.52%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 08:32
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-daandaanvandenbergh
Product-complete_analytics_optimization_suiteCAOS | Host Google Analytics Locally
CWE ID-CWE-862
Missing Authorization
CVE-2023-6158
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.67%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 14:32
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection.

Action-Not Available
Vendor-myeventonashanjayEventON
Product-eventoneventon-liteEventON ProEventON
CWE ID-CWE-862
Missing Authorization
CVE-2025-23773
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.67%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in mingocommerce Delete All Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Delete All Posts: from n/a through 1.1.1.

Action-Not Available
Vendor-mingocommerce
Product-Delete All Posts
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found