The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pm_upload_cover_image function in all versions up to, and including, 5.8.3. This makes it possible for authenticated attackers, with subscriber access or higher, to delete attachments.
Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List.This issue affects Dashboard To-Do List: from n/a through 1.2.0.
Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through 1.3.31.
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4.
Missing Authorization vulnerability in Fastly.This issue affects Fastly: from n/a through 1.2.25.
Missing Authorization vulnerability in CodeRevolution Aiomatic.This issue affects Aiomatic: from n/a through 1.9.3.
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
Missing Authorization vulnerability in Adrian Mörchen Embed Google Fonts.This issue affects Embed Google Fonts: from n/a through 3.1.0.
Missing Authorization vulnerability in Bowo Debug Log Manager.This issue affects Debug Log Manager: from n/a through 2.3.1.
Missing Authorization vulnerability in RedNao Smart Forms.This issue affects Smart Forms: from n/a through 2.6.91.
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.
Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1.
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.
When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.
Missing Authorization vulnerability in Eric Alli Google Typography.This issue affects Google Typography: from n/a through 1.1.2.
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3.
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
Missing Authorization vulnerability in impleCode Reviews Plus.This issue affects Reviews Plus: from n/a through 1.3.4.
Missing Authorization vulnerability in Theme My Login.This issue affects Theme My Login: from n/a through 7.1.6.
Missing Authorization vulnerability in WPClever WPC Grouped Product for WooCommerce.This issue affects WPC Grouped Product for WooCommerce: from n/a through 4.4.2.
Missing Authorization vulnerability in Welcart Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.14.
Missing Authorization vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.7.3.
Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1.
Missing Authorization vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.16.
Missing Authorization vulnerability in InstaWP Team InstaWP Connect.This issue affects InstaWP Connect: from n/a through 0.1.0.24.
Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.
Missing Authorization vulnerability in Jaed Mosharraf & Pluginbazar Team Open Close WooCommerce Store.This issue affects Open Close WooCommerce Store: from n/a through 4.9.1.
Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.
Missing Authorization vulnerability in Salesforce Pardot.This issue affects Pardot: from n/a through 2.1.0.
Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05.
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.
Missing Authorization vulnerability in WooCommerce & WordPress Tutorials Custom Thank You Page Customize For WooCommerce by Binary Carpenter.This issue affects Custom Thank You Page Customize For WooCommerce by Binary Carpenter: from n/a through 1.4.12.
Missing Authorization vulnerability in Very Good Plugins Fatal Error Notify.This issue affects Fatal Error Notify: from n/a through 1.5.2.
Missing Authorization vulnerability in Octolize Flexible Shipping.This issue affects Flexible Shipping: from n/a through 4.24.15.
A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.
Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse.This issue affects CP Contact Form with Paypal: from n/a through 1.3.34.
Missing Authorization vulnerability in WP Desk Flexible Checkout Fields for WooCommerce.This issue affects Flexible Checkout Fields for WooCommerce: from n/a through 4.1.2.
Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2.
Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1.
Missing Authorization vulnerability in Supsystic Popup by Supsystic.This issue affects Popup by Supsystic: from n/a through 1.10.27.
Missing Authorization vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1.
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.
Missing Authorization vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.1.0.