Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2.
Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3.
Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Missing Authorization vulnerability in BloomPixel Max Addons Pro for Bricks.This issue affects Max Addons Pro for Bricks: from n/a through 1.6.1.
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0.
Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a through 2.0.0.
Missing Authorization vulnerability in CodeSolz Ultimate Push Notifications allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Push Notifications: from n/a through 1.1.9.
Missing Authorization vulnerability in Loopus WP Cost Estimation & Payment Forms Builder.This issue affects WP Cost Estimation & Payment Forms Builder: from n/a through 10.1.76.
Missing Authorization vulnerability in PenciDesign Soledad.This issue affects Soledad: from n/a through 8.4.2.
Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5.
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.
Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2.
Missing Authorization vulnerability in WPDeveloper EmbedPress.This issue affects EmbedPress: from n/a through 3.9.8.
Missing Authorization vulnerability in Social Snap.This issue affects Social Snap: from n/a through 1.3.5.
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.
Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through 1.1.8.
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3.
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3.
Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WC Pickup Store: from n/a through 1.8.9.
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2.
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.
Missing Authorization vulnerability in Jeff Farthing Theme My Login allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theme My Login: from n/a through 7.1.12.
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1.
Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7.
Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.
Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress.
Missing Authorization vulnerability in ChoPlugins Custom PC Builder Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom PC Builder Lite for WooCommerce: from n/a through 1.0.1.
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can force the removal of any valid subscriber’s email address. This issue has been patched in version 6.5.11.
Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82.
Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.
Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Optimize More! – Images: from n/a through <= 1.1.3.
Missing Authorization vulnerability in Plugin Devs Shopify to WooCommerce Migration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shopify to WooCommerce Migration: from n/a through 1.3.0.
Missing Authorization vulnerability in NotFound Site Notify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Notify: from n/a through 1.0.
Missing Authorization vulnerability in Hive Support Hive Support allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hive Support: from n/a through 1.2.2.
Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.
Missing Authorization vulnerability in QuantumCloud SEO Help allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SEO Help: from n/a through 6.6.1.
Missing Authorization vulnerability in richtexteditor Rich Text Editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rich Text Editor: from n/a through 1.0.1.
Missing Authorization vulnerability in Andy Stratton Append Content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Append Content: from n/a through 2.1.1.
Missing Authorization vulnerability in shiptrack Booking Calendar and Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar and Notification: from n/a through 4.0.3.
Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0.
Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18.
Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.
Missing Authorization vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.2.
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated attackers to disconnect the plugin from the startbooking service and remove connection data.
The MultiVendorX – Empower Your WooCommerce Store with a Dynamic Multivendor Marketplace – Build the Next Amazon, eBay, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_table_rate_shipping_row function in all versions up to, and including, 4.2.19. This makes it possible for unauthenticated attackers to delete Table Rates that can impact the shipping cost calculations.