Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-49441

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-06 Jun, 2025 | 12:54
Updated At-06 Jun, 2025 | 13:39
Rejected At-
Credits

WordPress Interactive Regional Map of Florida <= 1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:06 Jun, 2025 | 12:54
Updated At:06 Jun, 2025 | 13:39
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Interactive Regional Map of Florida <= 1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.

Affected Products
Vendor
WP Map Plugins
Product
Interactive Regional Map of Florida
Collection URL
https://wordpress.org/plugins
Package Name
interactive-map-of-florida
Default Status
unaffected
Versions
Affected
  • From n/a through 1.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-180CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
CAPEC ID: CAPEC-180
Description: CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Chu The Anh (Blue Rock) (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/interactive-map-of-florida/vulnerability/wordpress-interactive-regional-map-of-florida-1-0-broken-access-control-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/wordpress/plugin/interactive-map-of-florida/vulnerability/wordpress-interactive-regional-map-of-florida-1-0-broken-access-control-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:06 Jun, 2025 | 13:15
Updated At:06 Jun, 2025 | 14:06

Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Primaryaudit@patchstack.com
CWE ID: CWE-862
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/wordpress/plugin/interactive-map-of-florida/vulnerability/wordpress-interactive-regional-map-of-florida-1-0-broken-access-control-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/interactive-map-of-florida/vulnerability/wordpress-interactive-regional-map-of-florida-1-0-broken-access-control-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

448Records found
CVE-2022-2461
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 65.43%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 17:18
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possible for unauthenticated attackers to influence the data shown on the site.

Action-Not Available
Vendor-transposhoferwald
Product-transposh_wordpress_translationTransposh WordPress Translation
CWE ID-CWE-862
Missing Authorization
CVE-2025-54730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 18:21
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3.

Action-Not Available
Vendor-PARETO Digital
Product-Embedder for Google Reviews
CWE ID-CWE-862
Missing Authorization
CVE-2025-53986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability

Missing Authorization vulnerability in ThemeIsle Hestia allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hestia: from n/a through 3.2.10.

Action-Not Available
Vendor-Themeisle
Product-Hestia
CWE ID-CWE-862
Missing Authorization
CVE-2024-2508
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.69%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 08:30
Updated-31 Jul, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability.

Action-Not Available
Vendor-takanakuifreshlight
Product-WP Mobile Menu – The Mobile-Friendly Responsive Menuwp_mobile_menu
CWE ID-CWE-862
Missing Authorization
CVE-2025-53304
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Rohil Contact Form &#8211; 7 : Hide Success Message allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Contact Form &#8211; 7 : Hide Success Message: from n/a through 1.1.4.

Action-Not Available
Vendor-Rohil
Product-Contact Form &#8211; 7 : Hide Success Message
CWE ID-CWE-862
Missing Authorization
CVE-2025-53255
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.

Action-Not Available
Vendor-Nabil Lemsieh
Product-HurryTimer
CWE ID-CWE-862
Missing Authorization
CVE-2024-23524
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 45.86%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:03
Updated-25 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.

Action-Not Available
Vendor-ontraportONTRAPORT Inc.
Product-pilotpressPilotPress
CWE ID-CWE-862
Missing Authorization
CVE-2025-49864
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-20 Jun, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability

Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.

Action-Not Available
Vendor-AFS Analytics
Product-AFS Analytics
CWE ID-CWE-862
Missing Authorization
CVE-2022-24594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 50.83%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 11:31
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.

Action-Not Available
Vendor-walinen/a
Product-walinen/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-49986
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7.

Action-Not Available
Vendor-thanhtungtnt
Product-Video List Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-5611
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 16:22
Updated-16 Jan, 2025 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them

Action-Not Available
Vendor-s-solsUnknown
Product-seraphinite_acceleratorSeraphinite Accelerator
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-49990
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ContentStudio plugin <= 1.3.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4.

Action-Not Available
Vendor-contentstudio
Product-ContentStudio
CWE ID-CWE-862
Missing Authorization
CVE-2025-49993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1.

Action-Not Available
Vendor-Cookie Script
Product-Cookie-Script.com
CWE ID-CWE-862
Missing Authorization
CVE-2025-49997
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17.

Action-Not Available
Vendor-Awesome Motive Inc.
Product-Giveaways and Contests by RafflePress
CWE ID-CWE-862
Missing Authorization
CVE-2019-25139
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.56%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 01:51
Updated-28 Dec, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

Action-Not Available
Vendor-wpshopmartwpshopmart
Product-coming_soon_page_\&_maintenance_modeComing Soon Page & Maintenance Mode
CWE ID-CWE-862
Missing Authorization
CVE-2025-49872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 15:01
Updated-20 Jun, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.

Action-Not Available
Vendor-WPExperts.io
Product-myCred
CWE ID-CWE-862
Missing Authorization
CVE-2025-8152
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.79%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 07:24
Updated-04 Aug, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status Update

The WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_cta_status' and 'change_sticky_sidebar_name' functions in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to update the status of a sticky and update the name displayed in the back-end WP CTA Dashboard.

Action-Not Available
Vendor-blendmedia
Product-WP CTA
CWE ID-CWE-862
Missing Authorization
CVE-2025-48346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:55
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.

Action-Not Available
Vendor-Etsy360
Product-Embed and Integrate Etsy Shop
CWE ID-CWE-862
Missing Authorization
CVE-2025-49432
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 15:13
Updated-18 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1.

Action-Not Available
Vendor-FWDesign
Product-Ultimate Video Player
CWE ID-CWE-862
Missing Authorization
CVE-2025-48155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability

Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Residential Address Detection: from n/a through 2.5.9.

Action-Not Available
Vendor-Eniture, LLC
Product-Residential Address Detection
CWE ID-CWE-862
Missing Authorization
CVE-2025-49236
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0.

Action-Not Available
Vendor-raychat
Product-Raychat
CWE ID-CWE-862
Missing Authorization
CVE-2025-48337
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 11:15
Updated-06 Jun, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.

Action-Not Available
Vendor-QuickcabWP
Product-QuickCab
CWE ID-CWE-862
Missing Authorization
CVE-2025-49509
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 12:40
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.

Action-Not Available
Vendor-Roland Beaussant
Product-Audio Editor & Recorder
CWE ID-CWE-862
Missing Authorization
CVE-2025-48166
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.99%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 10:36
Updated-16 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Bill Minozzi Stop and Block bots plugin Anti bots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through 1.48.

Action-Not Available
Vendor-Bill Minozzi
Product-Stop and Block bots plugin Anti bots
CWE ID-CWE-862
Missing Authorization
CVE-2025-48282
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Majestic Support Majestic Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: from n/a through 1.1.0.

Action-Not Available
Vendor-Majestic Support
Product-Majestic Support
CWE ID-CWE-862
Missing Authorization
CVE-2025-49406
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 9.60%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

Action-Not Available
Vendor-favethemes
Product-Houzez
CWE ID-CWE-862
Missing Authorization
CVE-2025-49320
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability

Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11.

Action-Not Available
Vendor-fraudlabspro
Product-FraudLabs Pro for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-49270
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.

Action-Not Available
Vendor-Mario Peshev
Product-WP-CRM System
CWE ID-CWE-862
Missing Authorization
CVE-2025-48272
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-17 Jun, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability

Missing Authorization vulnerability in wpjobportal WP Job Portal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Job Portal: from n/a through 2.3.2.

Action-Not Available
Vendor-WP Job Portal
Product-wp_job_portalWP Job Portal
CWE ID-CWE-862
Missing Authorization
CVE-2023-48926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.03%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-advanced_loyalty_programn/a
CWE ID-CWE-862
Missing Authorization
CVE-2025-49324
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability

Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.

Action-Not Available
Vendor-PickPlugins
Product-Job Board Manager
CWE ID-CWE-862
Missing Authorization
CVE-2024-22151
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.17%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 16:19
Updated-26 Aug, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6.

Action-Not Available
Vendor-codectionCodectioncodection
Product-import_and_export_users_and_customersImport and export users and customersimport_and_export_users_and_customers
CWE ID-CWE-862
Missing Authorization
CVE-2025-47450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability

Missing Authorization vulnerability in Mitchell Bennis Simple File List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple File List: from n/a through 6.1.13.

Action-Not Available
Vendor-Mitchell Bennis
Product-Simple File List
CWE ID-CWE-862
Missing Authorization
CVE-2025-47688
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.44%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-23 May, 2025 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability

Missing Authorization vulnerability in Saad Iqbal Advanced File Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced File Manager: from n/a through 5.3.1.

Action-Not Available
Vendor-advancedfilemanagerSaad Iqbal
Product-advanced_file_managerAdvanced File Manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-52211
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.38%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 14:33
Updated-02 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.

Action-Not Available
Vendor-Automattic Inc.
Product-WP Job Managerwp_job_manager
CWE ID-CWE-862
Missing Authorization
CVE-2023-51507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 01:01
Updated-07 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in ExpressTech Quiz And Survey Master.This issue affects Quiz And Survey Master: from n/a through 8.1.16.

Action-Not Available
Vendor-expresstechExpressTechexpresstech
Product-quiz_and_survey_masterQuiz And Survey Masterquiz_and_survey_master
CWE ID-CWE-862
Missing Authorization
CVE-2023-52186
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 09:23
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.

Action-Not Available
Vendor-WooCommerce
Product-product_vendorsWooCommerce Product Vendors
CWE ID-CWE-862
Missing Authorization
CVE-2025-49987
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.71%
||
7 Day CHG~0.00%
Published-20 Jun, 2025 | 15:04
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability

Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13.

Action-Not Available
Vendor-WPFactory
Product-CRM ERP Business Solution
CWE ID-CWE-862
Missing Authorization
CVE-2023-51357
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.81%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through 6.5.0.

Action-Not Available
Vendor-Conversiosconversios
Product-Conversios.ioconversios.io
CWE ID-CWE-862
Missing Authorization
CVE-2023-51377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.49%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 05:45
Updated-07 Aug, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPEverest Everest Forms.This issue affects Everest Forms: from n/a through 2.0.3.

Action-Not Available
Vendor-wpeverestWPEverest
Product-everest_formsEverest Forms
CWE ID-CWE-862
Missing Authorization
CVE-2023-51498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.84%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:37
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Woo WooCommerce Canada Post Shipping.This issue affects WooCommerce Canada Post Shipping: from n/a through 2.8.3.

Action-Not Available
Vendor-WooCommerce
Product-WooCommerce Canada Post Shipping
CWE ID-CWE-862
Missing Authorization
CVE-2023-50887
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.81%
||
7 Day CHG+0.01%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in UserFeedback Team User Feedback allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through 1.0.10.

Action-Not Available
Vendor-MonsterInsights, LLC (UserFeedback)
Product-User Feedbackuserfeedback
CWE ID-CWE-862
Missing Authorization
CVE-2023-50903
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.25%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:29
Updated-01 Mar, 2025 | 02:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0.

Action-Not Available
Vendor-wpmetWpmetwpmet
Product-metform_elementor_contact_form_builderMetform Elementor Contact Form Buildermetform_elementor_contact_form_builder
CWE ID-CWE-862
Missing Authorization
CVE-2023-51353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.36%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:29
Updated-09 Dec, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19.

Action-Not Available
Vendor-supsystic.comsupsystic
Product-Popup by Supsysticpopup
CWE ID-CWE-862
Missing Authorization
CVE-2025-46489
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability

Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linked Products For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bulk Assign Linked Products For WooCommerce: from n/a through 2.1.

Action-Not Available
Vendor-vinodvaswani9
Product-Bulk Assign Linked Products For WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-49818
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.24%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:30
Updated-10 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8.

Action-Not Available
Vendor-Webflow
Product-Webflow Pages
CWE ID-CWE-862
Missing Authorization
CVE-2025-46485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.45%
||
7 Day CHG+0.01%
Published-24 Apr, 2025 | 16:09
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Carlo La Pera WP Customize Login Page allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Customize Login Page: from n/a through 1.6.5.

Action-Not Available
Vendor-Carlo La Pera
Product-WP Customize Login Page
CWE ID-CWE-862
Missing Authorization
CVE-2025-46244
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.43%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 09:53
Updated-29 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Dotstore Advanced Linked Variations for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Linked Variations for Woocommerce: from n/a through 1.0.3.

Action-Not Available
Vendor-multidotsDotstore
Product-advanced_linked_variations_for_woocommerceAdvanced Linked Variations for Woocommerce
CWE ID-CWE-862
Missing Authorization
CVE-2023-49851
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.76%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 11:30
Updated-09 Dec, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability

Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.1.

Action-Not Available
Vendor-ILMDESIGNSilmdesigns
Product-Square Thumbnailssquare_thumbnails
CWE ID-CWE-862
Missing Authorization
CVE-2022-2108
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 70.94%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:12
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to modify reviews and plugin settings on the affected site.

Action-Not Available
Vendor-wbcomdesignswbcomdesigns
Product-buddypress_group_reviewsWbcom Designs – BuddyPress Group Reviews
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found