Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-33931

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-03 May, 2024 | 08:19
Updated At-02 Aug, 2024 | 02:42
Rejected At-
Credits

WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:03 May, 2024 | 08:19
Updated At:02 Aug, 2024 | 02:42
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

Affected Products
Vendor
ilGhera
Product
JW Player for WordPress
Collection URL
https://wordpress.org/plugins
Package Name
jw-player-7-for-wp
Default Status
unaffected
Versions
Affected
  • From n/a through 2.3.3 (custom)
    • -> unaffectedfrom2.3.4
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to 2.3.4 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
Mika (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:03 May, 2024 | 09:15
Updated At:03 May, 2024 | 12:48

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/jw-player-7-for-wp/wordpress-jw-player-for-wordpress-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2025-22730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.00%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 14:21
Updated-18 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.

Action-Not Available
Vendor-Ksher
Product-Ksher
CWE ID-CWE-862
Missing Authorization
CVE-2024-9586
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.95%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 05:33
Updated-29 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update

The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.

Action-Not Available
Vendor-linkz.aivittor1olinkz.ai
Product-linkz.aiLinkz.ai – Automatic link previews on hoverlinkz.ai
CWE ID-CWE-862
Missing Authorization
CVE-2023-36504
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.15%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 23:48
Updated-26 Dec, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5.

Action-Not Available
Vendor-bbsethemeBBS e-Theme
Product-bbs_e-popupBBS e-Popup
CWE ID-CWE-862
Missing Authorization
CVE-2025-26764
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.00%
||
7 Day CHG~0.00%
Published-22 Feb, 2025 | 15:52
Updated-24 Feb, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability

Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.

Action-Not Available
Vendor-Eniture, LLC
Product-Distance Based Shipping Calculator
CWE ID-CWE-862
Missing Authorization
CVE-2024-9161
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 73.38%
||
7 Day CHG~0.00%
Published-05 Oct, 2024 | 11:21
Updated-29 Jan, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Metadata Insert, Update, and Delete

The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beginning with 'rank_math', and delete arbitrary existing user metadata and term metadata. Deleting existing usermeta can cause a loss of access to the administrator dashboard for any registered users, including Administrators.

Action-Not Available
Vendor-rankmathrankmath
Product-seoRank Math SEO – AI SEO Tools to Dominate SEO Rankings
CWE ID-CWE-862
Missing Authorization
CVE-2023-36512
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.28%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:34
Updated-02 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.5.

Action-Not Available
Vendor-WooCommerce
Product-AutomateWooautomatewoo
CWE ID-CWE-862
Missing Authorization
CVE-2024-7032
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 64.35%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 05:30
Updated-31 Aug, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion

The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database.

Action-Not Available
Vendor-zaytechelbanyaouizaytech
Product-smart_online_order_for_cloverSmart Online Order for Cloversmart_online_order_for_clover
CWE ID-CWE-862
Missing Authorization
CVE-2025-22668
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 14:23
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in AwesomeTOGI Awesome Event Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Event Booking: from n/a through 2.7.2.

Action-Not Available
Vendor-AwesomeTOGI
Product-Awesome Event Booking
CWE ID-CWE-862
Missing Authorization
CVE-2025-22670
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG-0.01%
Published-27 Mar, 2025 | 14:14
Updated-27 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability

Missing Authorization vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.7.2.

Action-Not Available
Vendor-e4jvikwp
Product-VikBooking Hotel Booking Engine & PMS
CWE ID-CWE-862
Missing Authorization
CVE-2025-22265
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.26%
||
7 Day CHG+0.01%
Published-31 Jan, 2025 | 08:23
Updated-31 Jan, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability

Missing Authorization vulnerability in mgplugin EMI Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EMI Calculator: from n/a through 1.1.

Action-Not Available
Vendor-mgplugin
Product-EMI Calculator
CWE ID-CWE-862
Missing Authorization
CVE-2025-22285
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.71%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 13:53
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in Eniture Technology Pallet Packaging for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pallet Packaging for WooCommerce: from n/a through 1.1.15.

Action-Not Available
Vendor-Eniture, LLC
Product-Pallet Packaging for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-35050
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.28%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 12:28
Updated-02 Aug, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.

Action-Not Available
Vendor-Elementorelementor
Product-Elementor Proelementor_pro
CWE ID-CWE-862
Missing Authorization
CVE-2024-9860
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.63%
||
7 Day CHG~0.00%
Published-12 Oct, 2024 | 02:05
Updated-15 Oct, 2024 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins.

Action-Not Available
Vendor-QODEqode
Product-Bridge Corebridge_core
CWE ID-CWE-862
Missing Authorization
CVE-2025-22608
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 16:28
Updated-12 Feb, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS). Version 4.0.0-beta.361 fixes the issue.

Action-Not Available
Vendor-coollabsio
Product-coolify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2024-5382
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.77%
||
7 Day CHG-0.01%
Published-07 Jun, 2024 | 12:33
Updated-01 Aug, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.1 - Missing Authorization to MA Template Creation or Modification

The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. This makes it possible for unauthenticated attackers to create or modify existing Master Addons templates or make settings modifications related to these templates.

Action-Not Available
Vendor-master-addonslitonice13WordPress.org
Product-master_addonsMaster Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementorfree_widgets_for_elementor_plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-55991
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:51
Updated-31 Dec, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1.

Action-Not Available
Vendor-WP-CRM
Product-WP-CRM System
CWE ID-CWE-862
Missing Authorization
CVE-2024-56295
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6.

Action-Not Available
Vendor-AYS Pro Extensions
Product-poll_makerPoll Maker
CWE ID-CWE-862
Missing Authorization
CVE-2025-22289
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-16 Feb, 2025 | 22:17
Updated-23 May, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.

Action-Not Available
Vendor-NotFoundEniture, LLC
Product-ltl_freight_quotesLTL Freight Quotes – Unishippers Edition
CWE ID-CWE-862
Missing Authorization
CVE-2024-54218
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.47%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 13:15
Updated-09 Dec, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in Thehp AIO Contact.This issue affects AIO Contact: from n/a through 2.8.1.

Action-Not Available
Vendor-Thehpthehp
Product-AIO Contactaio_contact
CWE ID-CWE-862
Missing Authorization
CVE-2020-36721
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.64%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.

Action-Not Available
Vendor-cpothemescolorlibmachothemeswpchillsilkalns
Product-naturemag_literegina_litepixova_liteshapelyantreasilldyallegiantbonkerstranscendbrillianceactivelloaffluentnewsmagmedzone_litenewspaper_xActivelloBrillianceNewspaper X
CWE ID-CWE-862
Missing Authorization
CVE-2023-33324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 29.01%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.

Action-Not Available
Vendor-wppal
Product-Easy Captcha
CWE ID-CWE-862
Missing Authorization
CVE-2023-33994
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.05%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1.

Action-Not Available
Vendor-Jason Crouse, VeronaLabs
Product-Slimstat Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2023-34003
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 27.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:19
Updated-11 Oct, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability

Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.

Action-Not Available
Vendor-WooCommerce
Product-box_officeWooCommerce Box Officebox_office
CWE ID-CWE-862
Missing Authorization
CVE-2023-34019
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.63%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-Uncanny Toolkit for LearnDash
CWE ID-CWE-862
Missing Authorization
CVE-2022-46796
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.06%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:22
Updated-23 Dec, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability

Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.

Action-Not Available
Vendor-VillaTheme
Product-CURCY
CWE ID-CWE-862
Missing Authorization
CVE-2022-45840
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.06%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:22
Updated-13 Dec, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability

Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5.

Action-Not Available
Vendor-Lucian Apostol
Product-Auto Affiliate Links
CWE ID-CWE-862
Missing Authorization
CVE-2022-4169
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.48%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 17:33
Updated-07 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it possible for unauthenticated attackers to update plugin and theme translation settings and to import translation strings.

Action-Not Available
Vendor-theme_and_plugin_translation_for_polylang_projectmarcinkazmierski
Product-theme_and_plugin_translation_for_polylangTheme and plugin translation for Polylang (TTfP)
CWE ID-CWE-862
Missing Authorization
CVE-2022-40218
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.45%
||
7 Day CHG~0.00%
Published-08 May, 2024 | 11:57
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.

Action-Not Available
Vendor-ThemeHunkthemehunk
Product-Advance WordPress Search Pluginadvanced_wordpress_search
CWE ID-CWE-862
Missing Authorization
CVE-2024-55997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG+0.01%
Published-18 Dec, 2024 | 11:38
Updated-18 Dec, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability

Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0.

Action-Not Available
Vendor-Web Chunky
Product-Order Delivery & Pickup Location Date Time
CWE ID-CWE-862
Missing Authorization
CVE-2024-52485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG+0.01%
Published-18 Dec, 2024 | 11:38
Updated-18 Dec, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2.

Action-Not Available
Vendor-Yudiz Solutions Ltd.
Product-WP Menu Image
CWE ID-CWE-862
Missing Authorization
CVE-2024-47321
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG+0.04%
Published-01 Nov, 2024 | 14:17
Updated-12 Nov, 2024 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1.

Action-Not Available
Vendor-androidbubblesFahad Mahmoodandroidbubbles
Product-wp_datepickerWP Datepickerwp_datepicker
CWE ID-CWE-862
Missing Authorization
CVE-2024-43979
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG+0.04%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in CozyThemes Blockbooster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockbooster: from n/a through 1.0.10.

Action-Not Available
Vendor-cozythemesCozyThemescozythemes
Product-blockboosterBlockboosterblockbooster
CWE ID-CWE-862
Missing Authorization
CVE-2024-43940
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.45%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 15:07
Updated-10 Oct, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in VIICTORY MEDIA LLC Z Y N I T H allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Z Y N I T H: from n/a through 7.4.9.

Action-Not Available
Vendor-zynithVIICTORY MEDIA LLCvictory_media_llc
Product-zynithZ Y N I T Hzynith
CWE ID-CWE-862
Missing Authorization
CVE-2024-43998
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-16.84% / 94.69%
||
7 Day CHG+0.73%
Published-01 Nov, 2024 | 14:17
Updated-08 Nov, 2024 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.

Action-Not Available
Vendor-websiteinwpWebsiteinWPwebsiteinwp
Product-blogpoetBlogpoetblogpoet
CWE ID-CWE-862
Missing Authorization
CVE-2024-39640
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.

Action-Not Available
Vendor-QuadLayersquadlayers
Product-WP Social Feed Gallerywp_social_feed_gallery
CWE ID-CWE-862
Missing Authorization
CVE-2024-38771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.45%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.

Action-Not Available
Vendor-Atarimatarim
Product-Atarimatarim
CWE ID-CWE-862
Missing Authorization
CVE-2020-36697
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.72%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.

Action-Not Available
Vendor-appsaloonkoenhuybrechts
Product-wp_gdprWP GDPR
CWE ID-CWE-862
Missing Authorization
CVE-2024-33919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.06%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:31
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeKit For Elementorromethemekit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-25929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 10:30
Updated-11 Oct, 2024 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.

Action-Not Available
Vendor-multivendorxMultiVendorX
Product-product_catalog_mode_for_woocommerceProduct Catalog Enquiry for WooCommerce by MultiVendorX
CWE ID-CWE-862
Missing Authorization
CVE-2022-41698
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:13
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control

Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.

Action-Not Available
Vendor-LayeredWordPress.org
Product-If Menuadserve
CWE ID-CWE-862
Missing Authorization
CVE-2022-46795
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.63%
||
7 Day CHG+0.01%
Published-13 Dec, 2024 | 14:22
Updated-05 Jun, 2025 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2.

Action-Not Available
Vendor-tychesoftwaresTyche Softwares
Product-print_invoice_\&_delivery_notes_for_woocommercePrint Invoice & Delivery Notes for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2022-45832
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 62.99%
||
7 Day CHG~0.00%
Published-19 Jun, 2024 | 14:32
Updated-08 Aug, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Hennessey Digital Attorney.This issue affects Attorney: from n/a through 3.

Action-Not Available
Vendor-Hennessey Digitalhennessey
Product-Attorneyattorney
CWE ID-CWE-862
Missing Authorization
CVE-2022-45830
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.47%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 15:02
Updated-05 Jun, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.

Action-Not Available
Vendor-analytifyAnalytify
Product-analytify_-_google_analytics_dashboardAnalytify
CWE ID-CWE-862
Missing Authorization
CVE-2024-6755
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.87%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 02:33
Updated-03 Sep, 2024 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘wpw_auto_poster_quick_delete_multiple’ function in all versions up to, and including, 5.3.14. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-WPWeb Elite
Product-social_auto_posterSocial Auto Postersocial_auto_poster
CWE ID-CWE-862
Missing Authorization
CVE-2024-5940
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 02:03
Updated-26 Aug, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_request' function in all versions up to, and including, 3.13.0. This makes it possible for unauthenticated attackers to edit event ticket settings if the Events beta feature is enabled.

Action-Not Available
Vendor-GiveWP
Product-givewpGiveWP – Donation Plugin and Fundraising Platformgivewp_donation_plugin_and_fundraising_platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-5861
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 52.09%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 03:17
Updated-01 Aug, 2024 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the wpep_square_disconnect() function in all versions up to, and including, 4.2.3. This makes it possible for unauthenticated attackers to disconnect square.

Action-Not Available
Vendor-wpeasypaywpexpertsiowpeasypay
Product-wp_easypayWP EasyPay – Square for WordPresswp_easypay
CWE ID-CWE-862
Missing Authorization
CVE-2022-38057
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.60%
||
7 Day CHG~0.00%
Published-25 Mar, 2024 | 11:36
Updated-30 Jun, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

Action-Not Available
Vendor-themehunkThemeHunkthemehunk
Product-th_advance_product_searchAdvance WordPress Search Pluginadvanced_wordpress_search
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-862
Missing Authorization
CVE-2024-56001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.54%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1.

Action-Not Available
Vendor-Ksher
Product-Ksher
CWE ID-CWE-862
Missing Authorization
CVE-2024-55995
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 13:51
Updated-31 Dec, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Torod plugin <= 1.7 - Settings Change vulnerability

Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7.

Action-Not Available
Vendor-Torod Holding LTD
Product-Torod
CWE ID-CWE-862
Missing Authorization
CVE-2022-36418
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.16%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 15:51
Updated-23 May, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.

Action-Not Available
Vendor-dcgwsVagary Digital
Product-hreflang_tags_liteHREFLANG Tags Lite
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found