Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-9584

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-25 Oct, 2024 | 17:32
Updated At-25 Oct, 2024 | 17:51
Rejected At-
Credits

Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:25 Oct, 2024 | 17:32
Updated At:25 Oct, 2024 | 17:51
Rejected At:
▼CVE Numbering Authority (CNA)
Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.

Affected Products
Vendor
imagemappro
Product
Image Map Pro – Drag-and-drop Builder for Interactive Images
Default Status
unaffected
Versions
Affected
  • From * through 6.0.20 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
István Márton
Timeline
EventDate
Discovered2024-10-05 00:00:00
Vendor Notified2024-10-05 00:00:00
Disclosed2024-10-24 00:00:00
Event: Discovered
Date: 2024-10-05 00:00:00
Event: Vendor Notified
Date: 2024-10-05 00:00:00
Event: Disclosed
Date: 2024-10-24 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cve
N/A
https://imagemappro.com/change-log/
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cve
Resource: N/A
Hyperlink: https://imagemappro.com/change-log/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:25 Oct, 2024 | 18:15
Updated At:05 Nov, 2024 | 17:04

The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CPE Matches
webcraftplugins
webcraftplugins
>>image_map_pro>>Versions up to 6.0.20(inclusive)
cpe:2.3:a:webcraftplugins:image_map_pro:*:*:*:*:-:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://imagemappro.com/change-log/security@wordfence.com
Release Notes
https://www.wordfence.com/threat-intel/vulnerabilities/id/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://imagemappro.com/change-log/
Source: security@wordfence.com
Resource:
Release Notes
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

275Records found
CVE-2024-21748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.35%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:14
Updated-01 Aug, 2024 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21.

Action-Not Available
Vendor-icegramIcegram
Product-icegram_expressIcegram
CWE ID-CWE-862
Missing Authorization
CVE-2024-21751
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:05
Updated-25 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in RabbitLoader.This issue affects RabbitLoader: from n/a through 2.19.13.

Action-Not Available
Vendor-yoginetworkRabbitLoaderrabbitloader
Product-rabbitloaderRabbitLoaderrabbitloader
CWE ID-CWE-862
Missing Authorization
CVE-2024-20477
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 16:55
Updated-08 Oct, 2024 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to upload files into a specific container or delete files from a specific folder within that container. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_dashboard_fabric_controllernexus_dashboardCisco Data Center Network Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-1502
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 23:33
Updated-15 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-862
Missing Authorization
CVE-2024-37207
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.72%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme4Press Demo Awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Awesome: from n/a through 1.0.2.

Action-Not Available
Vendor-Theme4Press
Product-Demo Awesome
CWE ID-CWE-862
Missing Authorization
CVE-2024-5987
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 25.56%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 05:30
Updated-04 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update

The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings. Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups.

Action-Not Available
Vendor-volkovvol4ikman
Product-wp_accessibility_helperWP Accessibility Helper (WAH)
CWE ID-CWE-862
Missing Authorization
CVE-2024-13541
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.42%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 03:21
Updated-25 Feb, 2025 | 03:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The aDirectory – WordPress Directory Listing Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the adqs_delete_listing() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Action-Not Available
Vendor-adirectoryadirectory
Product-adirectoryaDirectory – WordPress Directory Listing Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-55992
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 14:14
Updated-16 Dec, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4.

Action-Not Available
Vendor-Open Tools
Product-WooCommerce Basic Ordernumbers
CWE ID-CWE-862
Missing Authorization
CVE-2024-56244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-02 Jan, 2025 | 12:01
Updated-02 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92.

Action-Not Available
Vendor-Royal Elementor Addons
Product-Ashe Extra
CWE ID-CWE-862
Missing Authorization
CVE-2024-56234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 10:25
Updated-31 Dec, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1.

Action-Not Available
Vendor-VW THEMES
Product-VW Automobile Lite
CWE ID-CWE-862
Missing Authorization
CVE-2024-35663
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 29.17%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:17
Updated-09 Aug, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in HahnCreativeGroup WP Translate.This issue affects WP Translate: from n/a through 5.3.0.

Action-Not Available
Vendor-HahnCreativeGroup
Product-WP Translate
CWE ID-CWE-862
Missing Authorization
CVE-2022-36404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 13.53%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 19:27
Updated-20 Feb, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

Action-Not Available
Vendor-coledsDavid Cole
Product-simple_seoSimple SEO (WordPress plugin)
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-862
Missing Authorization
CVE-2024-55072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG-0.02%
Published-27 Mar, 2025 | 00:00
Updated-30 Apr, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.

Action-Not Available
Vendor-mealien/a
Product-mealien/a
CWE ID-CWE-862
Missing Authorization
CVE-2024-5087
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.95%
||
7 Day CHG+0.06%
Published-08 Jun, 2024 | 05:44
Updated-31 Oct, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.

Action-Not Available
Vendor-webfactoryltdwebfactory
Product-minimal_coming_soon_\&_maintenance_modeMinimal Coming Soon – Coming Soon Page
CWE ID-CWE-862
Missing Authorization
CVE-2024-51817
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-20 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability

Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0.

Action-Not Available
Vendor-CodeZel
Product-Combo WP Rewrite Slugs
CWE ID-CWE-862
Missing Authorization
CVE-2024-49689
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 24.42%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-20 Nov, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through 0.5.

Action-Not Available
Vendor-Harmonic Design
Product-HD Quiz – Save Results Light
CWE ID-CWE-862
Missing Authorization
CVE-2024-50423
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.72%
||
7 Day CHG+0.02%
Published-29 Oct, 2024 | 21:26
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.

Action-Not Available
Vendor-Templately
Product-Templately
CWE ID-CWE-862
Missing Authorization
CVE-2024-49686
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 13:57
Updated-31 Dec, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4.

Action-Not Available
Vendor-Fatcat Apps
Product-Landing Page Cat
CWE ID-CWE-862
Missing Authorization
CVE-2024-48902
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-5.4||MEDIUM
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 10:34
Updated-16 Oct, 2024 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2025-0526
Matching Score-4
Assigner-Octopus Deploy
ShareView Details
Matching Score-4
Assigner-Octopus Deploy
CVSS Score-2.3||LOW
EPSS-0.07% / 21.06%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:09
Updated-02 Jul, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Action-Not Available
Vendor-Octopus Deploy Pty. Ltd.Microsoft Corporation
Product-windowsoctopus_serverOctopus Server
CWE ID-CWE-862
Missing Authorization
CVE-2024-45285
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.08% / 23.80%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 04:59
Updated-10 Sep, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-44117
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.75%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 04:25
Updated-10 Sep, 2024 | 13:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform

The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server for ABAP and ABAP Platform
CWE ID-CWE-862
Missing Authorization
CVE-2024-43273
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.72%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in icegram Icegram Collect plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram Collect plugin: from n/a through 1.3.14.

Action-Not Available
Vendor-icegram
Product-Icegram Collect
CWE ID-CWE-862
Missing Authorization
CVE-2024-35662
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 37.26%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:31
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andreas Sofantzis Simple COD Fees for WooCommerce.This issue affects Simple COD Fees for WooCommerce: from n/a through 2.0.2.

Action-Not Available
Vendor-83pixelAndreas Sofantzis
Product-simple_cod_fees_for_woocommerceSimple COD Fees for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2020-5345
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.46% / 63.10%
||
7 Day CHG~0.00%
Published-23 Jun, 2020 | 20:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unisphere_for_powermaxpowermax_osemc_unisphere_for_powermax_virtual_applianceUnisphere for PowerMax
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found