Total
6613 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48898 | 1 Moodle | 1 Moodle | 2024-11-20 | N/A | 4.3 MEDIUM |
| A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from. | |||||
| CVE-2024-10390 | 2024-11-19 | N/A | 6.4 MEDIUM | ||
| The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-51817 | 2024-11-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0. | |||||
| CVE-2024-51660 | 2024-11-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3. | |||||
| CVE-2024-49689 | 2024-11-19 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Harmonic Design HD Quiz – Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz – Save Results Light: from n/a through 0.5. | |||||
| CVE-2024-10486 | 2024-11-19 | N/A | 5.3 MEDIUM | ||
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | |||||
| CVE-2024-49680 | 2024-11-19 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.5. | |||||
| CVE-2024-51671 | 2024-11-19 | N/A | 2.7 LOW | ||
| Missing Authorization vulnerability in ThemeIsle Otter - Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through 3.0.3. | |||||
| CVE-2024-11194 | 2024-11-19 | N/A | 8.8 HIGH | ||
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | |||||
| CVE-2024-52395 | 2024-11-19 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8. | |||||
| CVE-2024-10582 | 1 Smartwpress | 1 Music Player For Elementor | 2024-11-19 | N/A | 4.3 MEDIUM |
| The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import templates. | |||||
| CVE-2024-43323 | 1 Wpdeveloper | 1 Reviewx | 2024-11-19 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | |||||
| CVE-2024-10575 | 1 Schneider-electric | 1 Ecostruxure It Gateway | 2024-11-19 | N/A | 9.8 CRITICAL |
| CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. | |||||
| CVE-2024-10800 | 1 Vanquish | 1 User Extra Fields | 2024-11-19 | N/A | 8.8 HIGH |
| The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges. | |||||
| CVE-2021-3987 | 1 Janeczku | 1 Calibre-web | 2024-11-19 | N/A | 4.3 MEDIUM |
| An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `create_shelf` method in `shelf.py` not verifying if the user has the necessary permissions to create a public shelf. This issue can lead to unauthorized actions being performed by users. | |||||
| CVE-2024-11085 | 2024-11-18 | N/A | 5.4 MEDIUM | ||
| The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to access logs, update plugin-related user settings and general plugin settings. | |||||
| CVE-2024-10861 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 4.9.7. This makes it possible for unauthenticated attackers to update the 'ays_pb_upgrade_plugin' option with arbitrary data. | |||||
| CVE-2024-10786 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to clear user caches. | |||||
| CVE-2024-52416 | 2024-11-18 | N/A | 10.0 CRITICAL | ||
| Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server.This issue affects Debug Tool: from n/a through 2.2. | |||||
| CVE-2024-48073 | 2024-11-18 | N/A | 9.8 CRITICAL | ||
| sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges. | |||||