Missing Authorization vulnerability in themeqx GDPR Cookie Notice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR Cookie Notice: from n/a through 1.2.0.
Missing Authorization vulnerability in Galaxy Weblinks WP Clone any post type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Clone any post type: from n/a through 3.4.
Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0.
Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.
Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0.
Missing Authorization vulnerability in BeastThemes Clockinator Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clockinator Lite: from n/a through 1.0.7.
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1.
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.
Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.
Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11.
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JS Job Manager: from n/a through 2.0.2.
Missing Authorization vulnerability in PickPlugins Question Answer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Question Answer: from n/a through 1.2.70.
Missing Authorization vulnerability in amazewp fluXtore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects fluXtore: from n/a through 1.6.0.
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2.
Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
Missing Authorization vulnerability in WPFactory WordPress Adverts Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Adverts Plugin: from n/a through 1.4.
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19.
The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate/deactivate arbitrary plugins.
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized arbitrary emails sending due to a missing capability check on the sendEmailToJobSeeker() function in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to send arbitrary emails with arbitrary content from the sites mail server.
Missing Authorization vulnerability in Giannis Kipouros Terms & Conditions Per Product allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Terms & Conditions Per Product: from n/a through 1.2.15.
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery.
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Missing Authorization vulnerability in Elementor Elementor Pro.This issue affects Elementor Pro: from n/a through 3.13.0.
Missing Authorization vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.2.1.
Missing Authorization vulnerability in alexvtn Chatbox Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Chatbox Manager: from n/a through 1.2.2.
Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.29.
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders.
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.
Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1.
Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5.
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons.
The Raptive Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the site_ads_files_reset() and cls_file_reset() functions in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to reset the ad and cls files.
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms.
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.