Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.
Missing Authorization vulnerability in QuadLayers WP Social Feed Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Feed Gallery: from n/a through 4.3.9.
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12.
Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11.
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.
Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.
In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.
Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.
Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.
Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4.
Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1.
Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.
Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.
Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.
Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.
Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through 2.0.5.1.
Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.
Missing Authorization vulnerability in If So Plugin If-So Dynamic Content Personalization.This issue affects If-So Dynamic Content Personalization: from n/a through 1.7.1.
Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3.
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.
Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5.
Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.
Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.
Missing Authorization vulnerability in WP Club Manager.This issue affects WP Club Manager: from n/a through 2.2.11.
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.
Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.
Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.
Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.
Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.