Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a.
Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through <= 3.3.52.
Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget: from n/a through 2.2.
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.
Missing Authorization vulnerability in AA-Team WZone woozone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WZone: from n/a through <= 14.0.31.
Missing Authorization vulnerability in virtuellwerk canvasio3D Light canvasio3d-light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through <= 2.5.0.
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
Missing Authorization vulnerability in prasadkirpekar WP Meta and Date Remover wp-meta-and-date-remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through <= 2.3.0.
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0.
Missing Authorization vulnerability in Vikas Ratudi VPSUForm v-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VPSUForm: from n/a through <= 3.0.5.
Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.
Missing Authorization vulnerability in zohocrm Zoho CRM Lead Magnet zoho-crm-forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho CRM Lead Magnet: from n/a through <= 1.8.1.9.
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.
Missing Authorization vulnerability in WisdmLabs Edwiser Bridge edwiser-bridge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Edwiser Bridge: from n/a through <= 4.3.2.
The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne_clean_data' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to truncate 8 core WordPress database tables (posts, comments, terms, term_relationships, term_taxonomy, postmeta, commentmeta, termmeta) and delete the entire WordPress uploads directory, resulting in complete data loss.
Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2.
Missing Authorization vulnerability in De paragon No Spam At All no-spam-at-all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects No Spam At All: from n/a through <= 1.3.
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9.
Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6.
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73.
Missing Authorization vulnerability in codelobster Responsive Flipbooks responsive-flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Flipbooks: from n/a through <= 1.0.
Missing Authorization vulnerability in krozero WP Custom Widget area wp-custom-widget-area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through <= 1.2.5.
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery lpagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through <= 2.4.9.
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
Missing Authorization vulnerability in Deepen Bajracharya Inactive Logout inactive-logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through <= 3.2.2.
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.
Missing Authorization vulnerability in Epsiloncool WP Fast Total Search fulltext-search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Fast Total Search: from n/a through <= 1.78.258.
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.45.
Missing Authorization vulnerability in tychesoftwares Abandoned Cart Lite for WooCommerce woocommerce-abandoned-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through <= 5.16.1.
Missing Authorization vulnerability in wpdive Better Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Elementor Addons: from n/a through 1.3.7.
Missing Authorization vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11.
Missing Authorization vulnerability in Metagauss Event Kikfyre kikfyre-events-calendar-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Kikfyre: from n/a through <= 2.1.8.
Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5.
The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4's license key due to a missing capability check on the 'actions' function. This makes it possible for subscribers and above delete the license key.
The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site.
Missing Authorization vulnerability in Hardik Chavada Sticky Social Media Icons.This issue affects Sticky Social Media Icons: from n/a through 2.1.
Missing Authorization vulnerability in Andrew Fiebert Simple URLs simple-urls allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through <= 117.
The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the gdpr_cookie_compliance_reset_settings AJAX action in versions up to, and including, 4.0.2. This makes it possible for authenticated attackers to reset all of the settings.
Missing Authorization vulnerability in bpiwowar PAPERCITE papercite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PAPERCITE: from n/a through <= 0.5.18.
Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2.
Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4.
Missing Authorization vulnerability in Nuanced Media WP Meetup wp-meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through <= 2.3.0.
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through <= 1.3.2.
Missing Authorization vulnerability in beautifultemplates ST Gallery WP st-gallery-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through <= 1.0.8.
Missing Authorization vulnerability in etruel WP Delete Post Copies etruel-del-post-copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through <= 5.5.
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Multipurpose: from n/a through 1.1.6.