Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-2789

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-05 Apr, 2025 | 05:32
Updated At-07 Apr, 2025 | 14:11
Rejected At-
Credits

MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:05 Apr, 2025 | 05:32
Updated At:07 Apr, 2025 | 14:11
Rejected At:
▼CVE Numbering Authority (CNA)
MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.

Affected Products
Vendor
wcmp
Product
MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy
Default Status
unaffected
Versions
Affected
  • From * through 4.2.19 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Brian Sans-Souci
Timeline
EventDate
Discovered2025-01-05 00:00:00
Disclosed2025-04-04 16:21:21
Event: Discovered
Date: 2025-01-05 00:00:00
Event: Disclosed
Date: 2025-04-04 16:21:21
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve
N/A
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L78
N/A
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L211
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L78
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L211
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:05 Apr, 2025 | 06:15
Updated At:04 Jun, 2025 | 22:26

The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CPE Matches
multivendorx
multivendorx
>>multivendorx>>Versions before 4.2.20(exclusive)
cpe:2.3:a:multivendorx:multivendorx:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarysecurity@wordfence.com
CWE ID: CWE-862
Type: Primary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L211security@wordfence.com
Product
https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L78security@wordfence.com
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L211
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://plugins.trac.wordpress.org/browser/dc-woocommerce-multi-vendor/tags/4.2.19/packages/mvx-tablerate/mvx-tablerate.php#L78
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4eca37-066f-428c-a4f7-061ce06e1142?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

595Records found
CVE-2023-25703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.19%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2.

Action-Not Available
Vendor-WP OnlineSupport, Essential Pluginessentialplugin
Product-Meta slider and carousel with lightboxmeta_slider_and_carousel_with_lightbox
CWE ID-CWE-862
Missing Authorization
CVE-2024-35174
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 10:18
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through 1.0.42.

Action-Not Available
Vendor-Flothemesflothemes
Product-Flo Formsflo_forms
CWE ID-CWE-862
Missing Authorization
CVE-2023-26522
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.61%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Repost plugin <= 0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1.

Action-Not Available
Vendor-OneWebsiteonewebsite
Product-WP Repostwp_repost
CWE ID-CWE-862
Missing Authorization
CVE-2024-37921
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Chained Quiz plugin <= 1.3.2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiboko Labs Chained Quiz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chained Quiz: from n/a through 1.3.2.8.

Action-Not Available
Vendor-Kiboko Labskibokolabs
Product-Chained Quizchained_quiz
CWE ID-CWE-862
Missing Authorization
CVE-2024-32814
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:40
Updated-09 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.6.1.

Action-Not Available
Vendor-Zoremzorem
Product-Advanced Local Pickup for WooCommerceadvanced_local_pickup_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-25785
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.50%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:43
Updated-08 Aug, 2024 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability

Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5.

Action-Not Available
Vendor-Shoaib Saleemshoaibsaleem
Product-WP Post Ratingwp_post_rating
CWE ID-CWE-862
Missing Authorization
CVE-2024-33908
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.36%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 19:15
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.

Action-Not Available
Vendor-Themesgrove
Product-WidgetKit
CWE ID-CWE-862
Missing Authorization
CVE-2024-32798
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:51
Updated-10 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability

Missing Authorization vulnerability in WP Travel Engine.This issue affects WP Travel Engine: from n/a through 5.8.0.

Action-Not Available
Vendor-wptravelengineWP Travel Enginewptravelengine
Product-wp_travel_engineWP Travel Enginewp_travel_engine
CWE ID-CWE-862
Missing Authorization
CVE-2024-32675
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:26
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.

Action-Not Available
Vendor-Xfinity Softxfinity_soft
Product-Order Limit for WooCommerceorder_limit_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-38504
Matching Score-4
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-4
Assigner-JetBrains s.r.o.
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 0.57%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 10:42
Updated-23 Aug, 2024 | 02:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrack
CWE ID-CWE-862
Missing Authorization
CVE-2024-32719
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 12:21
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Club Manager.This issue affects WP Club Manager: from n/a through 2.2.11.

Action-Not Available
Vendor-WP Club Manager
Product-WP Club Manager
CWE ID-CWE-862
Missing Authorization
CVE-2020-1996
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.47%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-862
Missing Authorization
CVE-2024-32684
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 10:38
Updated-09 Feb, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-862
Missing Authorization
CVE-2024-38771
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.41%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-05 Nov, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Atarim allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Atarim: from n/a through 4.0.

Action-Not Available
Vendor-Atarimatarim
Product-Atarimatarim
CWE ID-CWE-862
Missing Authorization
CVE-2024-33545
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:10
Updated-01 Nov, 2024 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.

Action-Not Available
Vendor-aa-teamAA-Team
Product-wzoneWZone
CWE ID-CWE-862
Missing Authorization
CVE-2024-3268
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 55.77%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 11:33
Updated-07 Feb, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress <= 3.3.6 - Missing Authorization to Arbitrary Post/Page Creation

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.

Action-Not Available
Vendor-emarketdesignemarket-design
Product-youtube_video_galleryYouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2024-32725
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 16:52
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability

Missing Authorization vulnerability in Saleswonder 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.

Action-Not Available
Vendor-Saleswonder5_stars_rating_funnel_project
Product-5 Stars Rating Funnel5_stars_rating_funnel
CWE ID-CWE-862
Missing Authorization
CVE-2024-32792
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.40%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:57
Updated-29 May, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.

Action-Not Available
Vendor-Incsub, LLC
Product-hummingbirdHummingbird
CWE ID-CWE-862
Missing Authorization
CVE-2023-25035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 26.03%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1.

Action-Not Available
Vendor-Fullworksfullworksplugins
Product-Quick Contact Formquick_contact_form
CWE ID-CWE-862
Missing Authorization
CVE-2023-25454
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.03%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5.

Action-Not Available
Vendor-Nate ReistWordPress.org
Product-Protected Posts Logout Buttonnate_reist_protected_posts_logout_button
CWE ID-CWE-862
Missing Authorization
CVE-2024-32820
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:35
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerability

Missing Authorization vulnerability in Social Share Pro Social Share Icons & Social Share Buttons.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.6.2.

Action-Not Available
Vendor-Social Share Prosocialshare
Product-Social Share Icons & Social Share Buttonssocial_share_icons_\&_social_share_buttons
CWE ID-CWE-862
Missing Authorization
CVE-2024-32727
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 15:02
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeForm For Elementorromethemeform_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2023-25048
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content Protector Free: from n/a through 2.6.

Action-Not Available
Vendor-Fantastic Pluginsfantastic_plugins
Product-Fantastic Content Protector Freefantastic_content_protector_free
CWE ID-CWE-862
Missing Authorization
CVE-2024-33931
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:19
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

Action-Not Available
Vendor-ilGhera
Product-JW Player for WordPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-25060
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.19%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbox: from n/a through 1.6.2.

Action-Not Available
Vendor-WP OnlineSupport, Essential Pluginwp_onlinesupport_essential_plugin
Product-Album and Image Gallery plus Lightboxalbum_and_image_gallery_plus_lightbox
CWE ID-CWE-862
Missing Authorization
CVE-2024-32677
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.05%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:24
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.

Action-Not Available
Vendor-LoginPress
Product-LoginPress Pro
CWE ID-CWE-862
Missing Authorization
CVE-2023-2448
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.41%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 15:33
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode.

Action-Not Available
Vendor-userpropluginn/a
Product-userproUserPro - Community and User Profile WordPress Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-32678
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 25.21%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:21
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5.

Action-Not Available
Vendor-TrackShip
Product-TrackShip for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-23893
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0.

Action-Not Available
Vendor-Igor Benicibenic
Product-Simple Giveawayssimple_giveaways
CWE ID-CWE-862
Missing Authorization
CVE-2024-37220
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability

Missing Authorization vulnerability in OptinlyHQ Optinly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optinly: from n/a through 1.0.18.

Action-Not Available
Vendor-OptinlyHQoptinly
Product-Optinlyoptinly
CWE ID-CWE-862
Missing Authorization
CVE-2023-2299
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.10%
||
7 Day CHG~0.00%
Published-03 Jun, 2023 | 04:35
Updated-10 Jun, 2025 | 12:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin's settings.

Action-Not Available
Vendor-vcitavcita
Product-online_booking_\&_scheduling_calendarOnline Booking & Scheduling Calendar for WordPress by vcita
CWE ID-CWE-862
Missing Authorization
CVE-2024-33587
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.37%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 12:40
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.

Action-Not Available
Vendor-AYS Pro Extensions
Product-Secure Copy Content Protection and Content Lockingsecure_copy_content_protection_and_content_locking
CWE ID-CWE-862
Missing Authorization
CVE-2024-32715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.82%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 16:53
Updated-29 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability

Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

Action-Not Available
Vendor-olivethemesOlive Themesolivethemes
Product-olive_one_click_demo_importOlive One Click Demo Importolive_one_click_demo_import
CWE ID-CWE-862
Missing Authorization
CVE-2023-23887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0.

Action-Not Available
Vendor-Shaonibenic
Product-Easy Google Analytics for WordPresssimple_giveaways
CWE ID-CWE-862
Missing Authorization
CVE-2024-32951
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 06:59
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.

Action-Not Available
Vendor-BloomPixelWordPress.org
Product-Max Addons Pro for Bricksmax_addons_pro_for_bricks
CWE ID-CWE-862
Missing Authorization
CVE-2024-34821
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.88%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:03
Updated-07 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability

Missing Authorization vulnerability in Contact List PRO Contact List – Easy Business Directory, Staff Directory and Address Book Plugin.This issue affects Contact List – Easy Business Directory, Staff Directory and Address Book Plugin: from n/a through 2.9.87.

Action-Not Available
Vendor-contactlistproContact List PROtammersoft
Product-contact_listContact List – Easy Business Directory, Staff Directory and Address Book Plugincontact_list
CWE ID-CWE-862
Missing Authorization
CVE-2024-34753
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.75%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:01
Updated-07 Aug, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.

Action-Not Available
Vendor-softlabbdSoftLabsoftlab
Product-radio_playerRadio Playerradio_player
CWE ID-CWE-862
Missing Authorization
CVE-2024-33920
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:30
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Democracy Poll plugin <= 6.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3.

Action-Not Available
Vendor-Kama
Product-Democracy Poll
CWE ID-CWE-862
Missing Authorization
CVE-2024-32802
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:38
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability

Missing Authorization vulnerability in WordPlus BP Better Messages allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects BP Better Messages: from n/a through 2.4.32.

Action-Not Available
Vendor-WordPlus
Product-BP Better Messages
CWE ID-CWE-862
Missing Authorization
CVE-2024-32679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 14:12
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Shared Files PRO Shared Files.This issue affects Shared Files: from n/a through 1.7.16.

Action-Not Available
Vendor-Shared Files PROtammersoft
Product-Shared Filesshared_files
CWE ID-CWE-862
Missing Authorization
CVE-2024-33596
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 08:27
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16.

Action-Not Available
Vendor-Five Star Pluginsfivestarplugins
Product-Five Star Restaurant Reservationsfive_star_restaurant_reservations
CWE ID-CWE-862
Missing Authorization
CVE-2024-33929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 23.32%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:21
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in wpWax Directorist.This issue affects Directorist: from n/a through 7.8.6.

Action-Not Available
Vendor-wpWaxWordPress.org
Product-Directoristdirectorist
CWE ID-CWE-862
Missing Authorization
CVE-2024-32799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 12:50
Updated-05 Feb, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.

Action-Not Available
Vendor-realestateconnectedMerv Barrettrealestateconnected
Product-easy_property_listingsEasy Property Listingseasy_property_listings
CWE ID-CWE-862
Missing Authorization
CVE-2024-32826
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.33%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 11:09
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vektor,Inc. VK Block Patterns.This issue affects VK Block Patterns: from n/a through 1.31.0.

Action-Not Available
Vendor-Vektor,Inc.
Product-VK Block Patterns
CWE ID-CWE-862
Missing Authorization
CVE-2024-33944
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.73%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 11:26
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability

Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.

Action-Not Available
Vendor-Kestrelkestrel_woocommerce
Product-WooCommerce AWeber Newsletter Subscriptionawber_newsletter_subscription
CWE ID-CWE-862
Missing Authorization
CVE-2024-33919
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 08:31
Updated-02 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

Action-Not Available
Vendor-Romethemerometheme
Product-RomethemeKit For Elementorromethemekit_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-31297
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.79%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 15:58
Updated-24 Mar, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability

Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.

Action-Not Available
Vendor-wpexpertsWPExpertswpexperts
Product-wholesale_for_woocommerceWholesale For WooCommercewholesale_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-31284
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.78%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:10
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.

Action-Not Available
Vendor-WPDeveloper
Product-embedpressEmbedPressembedpress
CWE ID-CWE-862
Missing Authorization
CVE-2024-32518
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.36%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:36
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 2.0.0.

Action-Not Available
Vendor-Pepro Dev. Group
Product-PeproDev Ultimate Invoice
CWE ID-CWE-862
Missing Authorization
CVE-2023-1262
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-8.2||HIGH
EPSS-0.06% / 17.75%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 20:30
Updated-26 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing MAC layer security in Wi-SUN Linux Border Router

Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network.

Action-Not Available
Vendor-silabssilabs.com
Product-wireless_smart_ubiquitous_network_linux_border_router_firmwarewireless_smart_ubiquitous_network_linux_border_routerWi-SUN Linux Border Router
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found