Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46244

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-22 Apr, 2025 | 09:53
Updated At-22 Apr, 2025 | 16:33
Rejected At-
Credits

WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:22 Apr, 2025 | 09:53
Updated At:22 Apr, 2025 | 16:33
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

Affected Products
Vendor
Dotstore
Product
Advanced Linked Variations for Woocommerce
Collection URL
https://wordpress.org/plugins
Package Name
linked-variation
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0.3 (custom)
    • -> unaffectedfrom1.0.4
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions

Update the WordPress Advanced Linked Variations for Woocommerce plugin to the latest available version (at least 1.0.4).

Configurations
Workarounds
Exploits
Credits
finder
ch4r0n (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:22 Apr, 2025 | 10:15
Updated At:29 Apr, 2025 | 18:37

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
multidots
multidots
>>advanced_linked_variations_for_woocommerce>>Versions before 1.0.4(exclusive)
cpe:2.3:a:multidots:advanced_linked_variations_for_woocommerce:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
Third Party Advisory
Hyperlink: https://patchstack.com/database/wordpress/plugin/linked-variation/vulnerability/wordpress-advanced-linked-variations-for-woocommerce-1-0-3-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

703Records found
CVE-2024-39625
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability

Missing Authorization vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Icegram: from n/a through 3.1.24.

Action-Not Available
Vendor-icegramicegram
Product-Icegramicegram
CWE ID-CWE-862
Missing Authorization
CVE-2024-3893
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 07:33
Updated-14 Apr, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements.

Action-Not Available
Vendor-radiusthemetechlabpro1techlabpro1
Product-classified_listingClassified Listing – Classified ads & Business Directory Pluginclassified_listing_plugin
CWE ID-CWE-862
Missing Authorization
CVE-2024-1175
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG-0.01%
Published-06 Jun, 2024 | 03:53
Updated-01 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete arbitrary payments.

Action-Not Available
Vendor-plechevandreywppostwppost
Product-wp-recallWP-Recall – Registration, Profile, Commerce & Morewp-recall
CWE ID-CWE-862
Missing Authorization
CVE-2024-37926
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.9.

Action-Not Available
Vendor-Alex Volkovvolkov
Product-WP Accessibility Helper (WAH)wp_accessibility_helper
CWE ID-CWE-862
Missing Authorization
CVE-2024-38748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 62.80%
||
7 Day CHG+0.18%
Published-01 Nov, 2024 | 14:17
Updated-04 Apr, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability

Access Control vulnerability in TheInnovs EleForms allows . This issue affects EleForms: from n/a through 2.9.9.9.

Action-Not Available
Vendor-theinnovsTheInnovsthelnnovs
Product-eleformsEleFormseleforms
CWE ID-CWE-862
Missing Authorization
CVE-2024-39654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fetch Designs Sign-up Sheets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sign-up Sheets: from n/a through 2.2.12.

Action-Not Available
Vendor-Fetch Designsfetchdesigns
Product-Sign-up Sheetssign-up_sheets
CWE ID-CWE-862
Missing Authorization
CVE-2023-29173
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a through 2.5.

Action-Not Available
Vendor-awesometogiAWESOME TOGI
Product-Product Category Treeproduct_category_tree
CWE ID-CWE-862
Missing Authorization
CVE-2024-38769
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:17
Updated-20 Mar, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Arconix Shortcodes allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix Shortcodes: from n/a through 2.1.11.

Action-Not Available
Vendor-tychesoftwaresTyche Softwarestychesoftwares
Product-arconix_shortcodesArconix Shortcodesarconix_shortcodes
CWE ID-CWE-862
Missing Authorization
CVE-2024-38783
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:17
Updated-20 Mar, 2025 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tyche Softwares Arconix FAQ allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Arconix FAQ: from n/a through 1.9.4.

Action-Not Available
Vendor-tychesoftwaresTyche Softwarestychesoftwares
Product-arconix_faqArconix FAQacronix_faq
CWE ID-CWE-862
Missing Authorization
CVE-2024-38743
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability

Access Control vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows . This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0.

Action-Not Available
Vendor-Upqodeupqode
Product-Plum: Spin Wheel & Email Pop-upplum
CWE ID-CWE-862
Missing Authorization
CVE-2024-37094
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.31% / 53.45%
||
7 Day CHG+0.05%
Published-01 Nov, 2024 | 13:52
Updated-22 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.2.12.

Action-Not Available
Vendor-stylemixthemesStylemixThemesstylemixthemes
Product-masterstudy_lmsMasterStudy LMSmasterstudy_lms
CWE ID-CWE-862
Missing Authorization
CVE-2024-37123
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in VowelWeb Ibtana allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ibtana: from n/a through 1.2.3.3.

Action-Not Available
Vendor-VowelWebvowelweb
Product-Ibtanaibtana
CWE ID-CWE-862
Missing Authorization
CVE-2024-37427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through 1.0.21.

Action-Not Available
Vendor-Arrayticsarraytics
Product-Timeticstimetics
CWE ID-CWE-862
Missing Authorization
CVE-2024-37506
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.

Action-Not Available
Vendor-WP Charitable LLC.
Product-Charitablecharitable
CWE ID-CWE-862
Missing Authorization
CVE-2024-37119
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.69%
||
7 Day CHG+0.07%
Published-01 Nov, 2024 | 14:18
Updated-11 Aug, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability

Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0.

Action-Not Available
Vendor-Uncanny Owl Inc.
Product-uncanny_automatorUncanny Automator Prouncanny_automator
CWE ID-CWE-862
Missing Authorization
CVE-2024-37444
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.69%
||
7 Day CHG+0.07%
Published-01 Nov, 2024 | 14:18
Updated-28 May, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1.

Action-Not Available
Vendor-Incsub, LLC
Product-defenderDefender Securitydefender_security
CWE ID-CWE-862
Missing Authorization
CVE-2024-37255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.33%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-11 Apr, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Elements kit Elementor addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elements kit Elementor addons: from n/a through 3.1.4.

Action-Not Available
Vendor-wpmetWpmetwpmet
Product-elements_kit_elementor_addonsElements kit Elementor addonselements_kit_elementor_addons
CWE ID-CWE-862
Missing Authorization
CVE-2024-37276
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.61%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in fifu.App Featured Image from URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Image from URL: from n/a through 4.8.1.

Action-Not Available
Vendor-fifu.appfifu
Product-Featured Image from URLfeatured_image_from_url
CWE ID-CWE-862
Missing Authorization
CVE-2024-37470
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.2||HIGH
EPSS-0.44% / 62.49%
||
7 Day CHG+0.07%
Published-01 Nov, 2024 | 14:18
Updated-11 Aug, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8.

Action-Not Available
Vendor-xtendifyWofficeIOwofficeio
Product-wofficeWoffice Corewoffice_core
CWE ID-CWE-862
Missing Authorization
CVE-2024-37468
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 27.53%
||
7 Day CHG+0.01%
Published-01 Nov, 2024 | 14:18
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in blazethemes Newsmatic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newsmatic: from n/a through 1.3.1.

Action-Not Available
Vendor-blazethemesblazethemes
Product-Newsmaticnewsmatic
CWE ID-CWE-862
Missing Authorization
CVE-2024-37463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.37%
||
7 Day CHG+0.03%
Published-01 Nov, 2024 | 14:18
Updated-07 Feb, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CRM Perks Forms: from n/a through 1.1.5.

Action-Not Available
Vendor-crmperksCRM Perkscrmperks
Product-crm_perks_formsCRM Perks Formscrm_perks_forms
CWE ID-CWE-862
Missing Authorization
CVE-2024-35660
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 11:56
Updated-26 Nov, 2024 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability

Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.

Action-Not Available
Vendor-master-addonsJewel Themejeweltheme
Product-master_addonsMaster Addons for Elementormaster_addons_for_elementor
CWE ID-CWE-862
Missing Authorization
CVE-2024-35665
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:10
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in namithjawahar Insert Post Ads.This issue affects Insert Post Ads: from n/a through 1.3.2.

Action-Not Available
Vendor-namithjawaharnamithjawahar
Product-Insert Post Adsinsert_post_ads
CWE ID-CWE-862
Missing Authorization
CVE-2023-29429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.42%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 11:31
Updated-19 Mar, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1.

Action-Not Available
Vendor-wpeverestWPEverestwpeverest
Product-user_registrationUser Registrationuser_registration
CWE ID-CWE-862
Missing Authorization
CVE-2024-35729
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.85%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:44
Updated-09 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.

Action-Not Available
Vendor-tickeraTickeratickera
Product-tickeraTickeratickera
CWE ID-CWE-862
Missing Authorization
CVE-2024-36246
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.16%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 06:11
Updated-08 Apr, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.

Action-Not Available
Vendor-Yokogawa Rental & Lease Corporationyokogawa_rental_lease_corporation
Product-UnifierUnifier Castunifierunifier_cast
CWE ID-CWE-862
Missing Authorization
CVE-2024-35748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.73%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:41
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.

Action-Not Available
Vendor-opmcOPMC
Product-woocommerce_dropshippingWooCommerce Dropshipping
CWE ID-CWE-862
Missing Authorization
CVE-2024-35685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:46
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anders Norén Radcliffe 2.This issue affects Radcliffe 2: from n/a through 2.0.17.

Action-Not Available
Vendor-Anders Norénanders_noren
Product-Radcliffe 2radcliffe_2
CWE ID-CWE-862
Missing Authorization
CVE-2024-35661
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.10%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 18:33
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in SoftLab Upload Fields for WPForms.This issue affects Upload Fields for WPForms: from n/a through 1.0.2.

Action-Not Available
Vendor-softlabbdSoftLab
Product-upload_fields_for_wpformsUpload Fields for WPForms
CWE ID-CWE-862
Missing Authorization
CVE-2024-3599
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.30%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-10 Jul, 2025 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdpr_policy_process_delete() function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Action-Not Available
Vendor-wpekawpeka-club
Product-wp_cookie_consentWP Cookie Consent ( for GDPR, CCPA & ePrivacy )
CWE ID-CWE-862
Missing Authorization
CVE-2024-35735
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 56.59%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 07:43
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.

Action-Not Available
Vendor-CodePeople
Product-wp_time_slots_booking_formWP Time Slots Booking Formwp_time_slots_booking_form
CWE ID-CWE-862
Missing Authorization
CVE-2024-35667
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 39.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:09
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP EasyCart.This issue affects WP EasyCart: from n/a through 5.5.19.

Action-Not Available
Vendor-WP EasyCart
Product-WP EasyCart
CWE ID-CWE-862
Missing Authorization
CVE-2024-35692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:21
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.

Action-Not Available
Vendor-termlyTermlytermly
Product-gdpr_cookie_consent_bannerCookie Consentgdpr_cookie_consent_banner
CWE ID-CWE-862
Missing Authorization
CVE-2023-28536
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.61%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Branded Social Images: from n/a through 1.1.0.

Action-Not Available
Vendor-Acatoacato
Product-Branded Social Imagesbranded_social_images
CWE ID-CWE-862
Missing Authorization
CVE-2024-34799
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:35
Updated-20 Mar, 2025 | 11:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerability

Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.

Action-Not Available
Vendor-reputeinfosystemsRepute Infosystems
Product-bookingpressBookingPress
CWE ID-CWE-862
Missing Authorization
CVE-2023-28775
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.01%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:16
Updated-07 Aug, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability

Missing Authorization vulnerability in Yoast Yoast SEO Premium.This issue affects Yoast SEO Premium: from n/a through 20.4.

Action-Not Available
Vendor-yoastYoast
Product-yoast_seoYoast SEO Premium
CWE ID-CWE-862
Missing Authorization
CVE-2024-1044
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.85%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-11 Jul, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.

Action-Not Available
Vendor-cusrevivolecusrev
Product-customer_reviews_for_woocommerceCustomer Reviews for WooCommercecustomer_reviews_for_woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2024-34813
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 10:38
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.8.

Action-Not Available
Vendor-MoreConvert
Product-MC Woocommerce Wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2024-34819
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:10
Updated-09 Aug, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MoreConvert MC Woocommerce Wishlist.This issue affects MC Woocommerce Wishlist: from n/a through 1.7.2.

Action-Not Available
Vendor-moreconvertMoreConvertmoreconvert
Product-woocommerce_wishlistMC Woocommerce Wishlistwoocommerce_wishlist
CWE ID-CWE-862
Missing Authorization
CVE-2024-34822
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 15:26
Updated-07 Aug, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-wemailweMail
CWE ID-CWE-862
Missing Authorization
CVE-2024-3961
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 53.21%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 03:49
Updated-01 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ConvertKit <= 2.4.9 - Missing Authorization

The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded.

Action-Not Available
Vendor-convertkitconvertkitconvertkit
Product-convertkit_-_email_marketing\,_email_newsletter_and_landing_pagesConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pagesconvertkit_-_email_marketing\,_email_newsletter_and_landing_pages
CWE ID-CWE-862
Missing Authorization
CVE-2023-27626
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.78%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stock Ticker plugin <= 3.23.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Aleksandar Urošević Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0.

Action-Not Available
Vendor-Aleksandar Urošević
Product-Stock Tickerstock_ticker
CWE ID-CWE-862
Missing Authorization
CVE-2020-24672
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 15:03
Updated-17 Sep, 2024 | 00:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB Base Software for SoftControl Remote Code Execution vulnerability

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

Action-Not Available
Vendor-ABB
Product-base_softwareBase Software for SoftControl
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-20
Improper Input Validation
CVE-2024-34442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.82%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 13:34
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in weDevs weDocs.This issue affects weDocs: from n/a through 2.1.4.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-weDocswedocs
CWE ID-CWE-862
Missing Authorization
CVE-2024-34763
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 51.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:57
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.5.

Action-Not Available
Vendor-Tobias Conrad
Product-Builder for WooCommerce reviews shortcodes – ReviewShort
CWE ID-CWE-862
Missing Authorization
CVE-2023-26035
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.2||HIGH
EPSS-49.10% / 97.69%
||
7 Day CHG-0.74%
Published-25 Feb, 2023 | 01:07
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZoneMinder vulnerable to Missing Authorization

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.

Action-Not Available
Vendor-zoneminderZoneMinder
Product-zoneminderzoneminder
CWE ID-CWE-862
Missing Authorization
CVE-2024-34768
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 16:42
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability

Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.

Action-Not Available
Vendor-Fastly
Product-Fastly
CWE ID-CWE-862
Missing Authorization
CVE-2023-26520
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.21%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2.

Action-Not Available
Vendor-Max Chirkovadvanced_text_widget_project
Product-Advanced Text Widgetadvanced_text_widget
CWE ID-CWE-862
Missing Authorization
CVE-2025-5814
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.38%
||
7 Day CHG~0.00%
Published-07 Jun, 2025 | 04:22
Updated-09 Jun, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration

The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.

Action-Not Available
Vendor-switcorp
Product-Profiler – What Slowing Down Your WP
CWE ID-CWE-862
Missing Authorization
CVE-2023-25703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 35.19%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:31
Updated-09 Dec, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2.

Action-Not Available
Vendor-WP OnlineSupport, Essential Pluginessentialplugin
Product-Meta slider and carousel with lightboxmeta_slider_and_carousel_with_lightbox
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 14
  • 15
  • Next
Details not found