Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.
Missing Authorization vulnerability in 360 Javascript Viewer 360 Javascript Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through 1.7.11.
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8.
Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2.
Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through 3.1.24.
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0.
Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.
Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2.
Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10.
Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through 2.4.5.
Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2.
Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2.
Missing Authorization vulnerability in Webba Appointment Booking Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 5.1.20.
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0.
Missing Authorization vulnerability in Multi-column Tag Map.This issue affects Multi-column Tag Map: from n/a through 17.0.26.
Missing Authorization vulnerability in Gnuget MF Plus WPML allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MF Plus WPML: from n/a through 1.1.
Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8.
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3.
Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Push Notifications: from n/a through 1.1.9.
Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1.
Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2.
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1.
Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9.
Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1.
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce.This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2.
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1.
Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.
Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.
Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18.
Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.
Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1.
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0.
Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2.
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.19.
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.
Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22.
Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2.
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3.