The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server
Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator.This issue affects WP Dummy Content Generator: from n/a through 2.3.0.
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new produces.
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository.
The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site.
Missing Authorization vulnerability in Illia Simple Like Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through 1.5.3.
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.3.
Missing Authorization vulnerability in Evan Herman Post Cloner post-cloner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Cloner: from n/a through <= 1.0.0.
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
Missing Authorization vulnerability in mmattax Formstack Online Forms formstack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formstack Online Forms: from n/a through <= 2.0.2.
Missing Authorization vulnerability in CridioStudio ListingPro listingpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingPro: from n/a through <= 2.9.9.
Missing Authorization vulnerability in Aum Watcharapon Featured Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image Generator: from n/a through 1.3.3.
Missing Authorization vulnerability in Quadlayers QuadLayers TikTok Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QuadLayers TikTok Feed: from n/a through 4.6.4.
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5.
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3.
Missing Authorization vulnerability in WP Grids EasyTest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through 1.0.1.
Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0.
Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through <= 1.13.
The Omnishop plugin for WordPress is vulnerable to Unauthenticated Registration Bypass in all versions up to, and including, 1.0.9. Its /users/register endpoint is exposed to the public (permission_callback always returns true) and invokes wp_create_user() unconditionally, ignoring the site’s users_can_register option and any nonce or CAPTCHA checks. This makes it possible for unauthenticated attackers to create arbitrary user accounts (customer) on sites where registrations should be closed.
Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.
Missing Authorization vulnerability in CedCommerce WP Advanced PDF allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Advanced PDF: from n/a through 1.1.7.
Missing Authorization vulnerability in NewClarity DMCA Protection Badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through 2.2.0.
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.
Missing Authorization vulnerability in themerain ThemeRain Core themerain-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeRain Core: from n/a through <= 1.1.9.
Missing Authorization vulnerability in Wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through 1.4.99.
Missing Authorization vulnerability in 101gen Wawp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wawp: from n/a through 4.0.5.
Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7.
Missing Authorization vulnerability in Nik Melnik Realbig allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through 1.1.3.
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete arbitrary support tickets.
Missing Authorization vulnerability in Yext Yext allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yext: from n/a through 1.1.3.
Missing Authorization vulnerability in Ex-Themes WooEvents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through 4.1.7.
Missing Authorization vulnerability in wedos.com WEDOS Global allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEDOS Global: from n/a through 1.2.2.
Missing Authorization vulnerability in loopus WP Virtual Assistant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Virtual Assistant: from n/a through 3.0.
Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.
The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.
Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1.
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
Missing Authorization vulnerability in memberful Memberful allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Memberful: from n/a through 1.75.0.
Missing Authorization vulnerability in guihom Wide Banner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wide Banner: from n/a through 1.0.4.
Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.
Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.
Missing Authorization vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4.4.
Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.
Missing Authorization vulnerability in Sumit Singh Classic Widgets with Block-based Widgets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Classic Widgets with Block-based Widgets: from n/a through 1.0.1.
Missing Authorization vulnerability in andy_moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Church Admin: from n/a through 5.0.26.