Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8.
Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8.
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_settings_callback function in versions up to, and including, 4.4.6. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to modify the plugin's settings, upload arbitrary files, and inject malicious JavaScript (before 4.3.2).
Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Social Media & Share Icons: from n/a through 2.8.1.
Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts. This issue affects Embed Google Fonts: from n/a through 3.1.0.
Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zendesk Support for WordPress: from n/a through 1.8.4.
Missing Authorization vulnerability in Bowo Debug Log Manager. This issue affects Debug Log Manager: from n/a through 2.3.1.
The ECPay Ecommerce for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clear_ecpay_debug_log' AJAX action in all versions up to, and including, 1.1.2411060. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear the plugin's log files.
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Text Widget: from n/a through 1.5.8.
Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset and modify some of the plugin/theme settings. This issue was escalated to Envato over two months from the date of this disclosure and the issues, while partially patched, are still vulnerable.
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WCP Contact Form: from n/a through 3.1.0.
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Soundcloud Is Gold: from n/a through 2.5.1.
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder. This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.
The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to enable or disable Elementor widgets.
Missing Authorization vulnerability in Eric Alli Google Typography. This issue affects Google Typography: from n/a through 1.1.2.
Due to a missing authorization check, an attacker with a business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.
Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter. This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12.
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor. This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.
Missing Authorization vulnerability in GenialSouls WP Social Comments. This issue affects WP Social Comments: from n/a through 1.7.3.
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both.
Missing Authorization vulnerability in impleCode Reviews Plus. This issue affects Reviews Plus: from n/a through 1.3.4.
Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through 7.1.6.
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamics 365 Integration: from n/a through 1.3.13.
Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1.
Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce. This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce. This issue affects Welcart e-Commerce: from n/a through 2.9.14.
Missing Authorization vulnerability in WPMU DEV Hummingbird. This issue affects Hummingbird: from n/a through 3.7.3.
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking. This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
Missing Authorization vulnerability in Academy LMS academy. This issue affects Academy LMS: from n/a through 1.9.16.
Missing Authorization vulnerability in InstaWP Team InstaWP Connect. This issue affects InstaWP Connect: from n/a through 0.1.0.24.
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store. This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.
Missing Authorization vulnerability in Salesforce Pardot. This issue affects Pardot: from n/a through 2.1.0.
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light. This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify. This issue affects Fatal Error Notify: from n/a through 1.5.2.
Missing Authorization vulnerability in Octolize Flexible Shipping. This issue affects Flexible Shipping: from n/a through 4.24.15.
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce. This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.
Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce. This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2.
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order. This issue affects WP Sort Order: from n/a through 1.3.1.
Missing Authorization vulnerability in Supsystic Popup by Supsystic. This issue affects Popup by Supsystic: from n/a through 1.10.27.
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds. This issue affects AWP Classifieds: from n/a through 4.3.1.
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH). This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.
Missing Authorization vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.1.0.
Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor. This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0.
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Missing Authorization vulnerability in Sliced Invoices. This issue affects Sliced Invoices: from n/a through 3.9.2.