Total
6630 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26655 | | | 2025-03-11 | N/A | 3.1 LOW |
| SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and Availability are not impacted. | |||||
| CVE-2025-25244 | | | 2025-03-11 | N/A | 5.7 MEDIUM |
| SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability. | |||||
| CVE-2025-23188 | | | 2025-03-11 | N/A | 4.3 MEDIUM |
| An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. | |||||
| CVE-2023-27460 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in CodePeople, paypaldev CP Contact Form with Paypal allows Functionality Misuse. This issue affects CP Contact Form with Paypal: from n/a through 1.3.34. | |||||
| CVE-2023-35049 | 1 Woocommerce | 1 Stripe Payment Gateway | 2025-03-10 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. | |||||
| CVE-2025-24591 | 1 Ninjateam | 1 Gdpr Ccpa Compliance & Cookie Consent Banner | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. | |||||
| CVE-2023-26523 | 1 Codepeople | 1 Calculated Fields Form | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in CodePeople Calculated Fields Form allows Functionality Misuse. This issue affects Calculated Fields Form: from n/a through 1.1.120. | |||||
| CVE-2023-28494 | 1 Codepeople | 1 Contact Form Email | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse. This issue affects Contact Form Email: from n/a through 1.3.31. | |||||
| CVE-2023-23895 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2025-03-10 | N/A | 4.7 MEDIUM |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Time Slots Booking Form: from n/a through 1.1.82. | |||||
| CVE-2023-51353 | 1 Supsystic | 1 Popup | 2025-03-10 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19. | |||||
| CVE-2024-24799 | 1 Woocommerce | 1 Box Office | 2025-03-10 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. | |||||
| CVE-2023-39997 | 1 Supsystic | 1 Popup | 2025-03-10 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Popup by Supsystic: from n/a through 1.10.19. | |||||
| CVE-2024-13231 | 1 Portfoliohub | 1 Portfoliohub | 2025-03-10 | N/A | 5.3 MEDIUM |
| The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_video' function in all versions up to, and including, 1.1.7. This makes it possible for unauthenticated attackers to add arbitrary videos to any portfolio gallery. | |||||
| CVE-2024-31421 | 1 Supsystic | 1 Popup | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Supsystic Popup by Supsystic. This issue affects Popup by Supsystic: from n/a through 1.10.27. | |||||
| CVE-2023-52214 | 1 Voidcoders | 1 Void Contact Form 7 Widget For Elementor Page Builder | 2025-03-10 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. | |||||
| CVE-2024-1562 | 1 Gsheetconnector | 1 Woocommerce Google Sheet Connector | 2025-03-07 | N/A | 5.3 MEDIUM |
| The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings. | |||||
| CVE-2024-5685 | 1 Snipeitapp | 1 Snipe-it | 2025-03-07 | N/A | 7.6 HIGH |
| Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1. | |||||
| CVE-2024-7135 | 1 Tainacan | 1 Tainacan | 2025-03-07 | N/A | 6.5 MEDIUM |
| The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2025-1309 | | | 2025-03-07 | N/A | 8.8 HIGH |
| The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13655 | | | 2025-03-07 | N/A | 8.1 HIGH |
| The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. | |||||
