Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Essential Blocks for Gutenberg: from n/a through 4.8.3.
Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14.
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.
Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.
Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3.
Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions `3.3.4` and `3.4.0.beta5` contain a patch for the issue. A workaround is available. If a user disables chat in their preferences then they cannot be added to new group chats.
Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Duplicator: from n/a through 2.35.
Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.
Missing Authorization vulnerability in ElementInvader ElementInvader Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.1.
Missing Authorization vulnerability in Foliovision FV Thoughtful Comments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FV Thoughtful Comments: from n/a through 0.3.5.
Missing Authorization vulnerability in Yehi Advanced Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Notifications: from n/a through 1.2.7.
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.
Missing Authorization vulnerability in AWcode & KingfisherFox Salvador – AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador – AI Image Generator: from n/a through 1.0.11.
Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3.
Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2.
Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6.
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.2.13.
Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4.
Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2.
Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2.
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7.
Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1.
Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.
Missing Authorization vulnerability in theDotstore Product Size Charts Plugin for WooCommerce.This issue affects Product Size Charts Plugin for WooCommerce: from n/a through 2.4.5.
The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in ways administrators are intended to. One action (save_config) allows for the configuration of an external CDN. This could be used to include malicious javascript from a source controlled by the attacker.
An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.
Missing Authorization vulnerability in Widget Options Team Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.8.
Missing Authorization vulnerability in smackcoders AIO Performance Profiler, Monitor, Optimize, Compress & Debug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO Performance Profiler, Monitor, Optimize, Compress & Debug: from n/a through 1.2.
Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through 9.0.4.
The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate/deactivate plugin modules.
Missing Authorization vulnerability in Leap13 Disable Elementor Editor Translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Disable Elementor Editor Translation: from n/a through 1.0.2.
Missing Authorization vulnerability in Shakeeb Sadikeen RapidLoad allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RapidLoad: from n/a through 2.4.4.
Missing Authorization vulnerability in FameThemes OnePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnePress: from n/a through 2.3.11.
Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.
Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through 1.0.
Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.
Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability
Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through 1.5.9.
Missing Authorization vulnerability in Creative Werk Designs Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets.This issue affects Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets: from n/a through 1.8.2.
Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9.
Missing Authorization vulnerability in Hive Support Hive Support – WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.6.
Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47.
Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3.
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.