Catalogues
The service integrates the most popular public knowledge bases:
- Security Tool Certificates - the State Register of Certified Information Security Tools published by the Federal Service for Technical and Export Control (FSTEC); it can be used to check that the information security tools (SZI) used in the organization are current.
- CVE vulnerabilities - the publicly available Common Vulnerabilities and Exposures (CVE) vulnerability database. The mission of the CVE program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE record for each vulnerability in the catalog. Vulnerabilities are discovered, then assigned and published by organizations around the world that partner with the CVE program. Partners publish CVE records to describe vulnerabilities consistently. Information technology and cybersecurity professionals use CVE records to make sure they are discussing the same issue and to coordinate their efforts to prioritize and fix vulnerabilities.
- FSTEC BDU vulnerabilities - the Vulnerabilities section of the Data Bank (BDU) published by the Federal Service for Technical and Export Control together with the State Research and Testing Institute for Problems of Technical Protection of Information. One of the goals of creating the data bank of information security threats is to bring together information security specialists to improve the security of information systems.
- NKTsKI vulnerabilities - the publicly available vulnerability database of the National Coordination Center for Computer Incidents (NKTsKI), which coordinates the activities of critical information infrastructure (CII) subjects in detecting, preventing and eliminating the consequences of computer attacks and in responding to computer incidents.
- MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge. A knowledge base from MITRE, based on real-world observations, that describes the tactics, techniques and methods used by cybercriminals. The base was created in 2013 and is updated regularly; its goal is to build a structured matrix of the techniques cybercriminals use in order to simplify responding to cyber incidents.
- FSTEC BDU and New FSTEC BDU - the Threats section of the Threat Data Bank, published in 2015 by the Federal Service for Technical and Export Control and the State Research and Testing Institute for Problems of Technical Protection of Information; it is mandatory for threat modeling when building protection systems for personal data, critical information infrastructure and state information systems.
CVE, FSTEC BDU and NKTsKI
The CVE vulnerabilities, FSTEC BDU vulnerabilities and NKTsKI vulnerabilities catalogues provide additional content and enrich the vulnerability descriptions received from scanners in the Technical Vulnerabilities module.
The catalogues share an identical interface, which contains the following blocks:
- Metrics:
  - Found vulnerabilities - shows the number of vulnerabilities found in scanner reports that are linked to vulnerabilities from the catalogue; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalogue name (filter type Vulnerability group);
  - Vulnerable hosts - shows the number of hosts on which vulnerabilities linked to vulnerabilities from the catalogue were detected; clicking the widget opens the Technical Vulnerabilities module with a filter set on the catalogue name (filter type Vulnerability group).
- The Vulnerability catalogue table:
  - Filter on the Identifier field - this filter automatically parses text and extracts the identifiers from it. To use it, paste arbitrary text containing identifiers into the field and add it to the filter with the plus button;
  - Table with the following fields for the CVE and FSTEC BDU catalogues:
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Description - a text description of the vulnerability;
    - Detected - a flag; this status is shown if the vulnerability was detected in scan reports;
    - CVSS - the numeric score of the vulnerability according to the source, with the date the vulnerability was identified by experts; the score is color-coded by CVSS rating: 0.1 - 3.9 Low, green; 4.0 - 6.9 Medium, yellow; 7.0 - 8.9 High, orange; 9.0 - 10.0 Critical, red.
  - Table with the following fields for CVE catalogues:
    - Bulletin date - the publication date of the bulletin that contains the vulnerabilities;
    - Identifier - the id of the vulnerability in the vulnerability database;
    - Information - a text description of the vulnerability;
    - Attack vector - local or network attack vector;
    - Detected - a flag; this status is shown if the vulnerability was detected in scan reports;
    - Update available - a flag; this status is shown if the vulnerability database contains information that the vendor of the vulnerable software has released updates;
    - Date identified - the date the vulnerability was identified by experts.
- The "Only detected vulnerabilities" checkbox - applies a filter to the table so that only detected vulnerabilities are shown.
- Export of all vulnerabilities in the catalogue.
- For the catalogue, Display options functionality is added:
  - Bulletins - switches the table to a register of bulletins, showing the total number of vulnerabilities in a bulletin in the Vulnerabilities in bulletin field and the detection status in the Detected field; this status is shown if at least one vulnerability from the bulletin was detected in the infrastructure.
  - Vulnerabilities.
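The Identifier filter and the CVSS colour column described above can be reproduced offline when triaging a pasted bulletin or scanner note. The following is an added example, not the service's own code: the function names, the sample catalogue and every identifier in it are constructed placeholders, and returning no band for a score outside the listed ranges is an assumption.

```python
import re

# CVE-YYYY-NNNN (four or more sequence digits) and BDU:YYYY-NNNNN identifiers.
ID_RE = re.compile(
    r"(?<![A-Za-z0-9])(CVE-\d{4}-\d{4,}|BDU:\d{4}-\d{5})(?!\d)", re.IGNORECASE
)

# Dash look-alikes that office suites and mail clients substitute for "-".
DASHES = str.maketrans({c: "-" for c in "\u2010\u2011\u2012\u2013\u2014\u2212"})

# Severity bands and colours as listed for the CVSS column.
BANDS = [
    (0.1, 3.9, "Low", "green"),
    (4.0, 6.9, "Medium", "yellow"),
    (7.0, 8.9, "High", "orange"),
    (9.0, 10.0, "Critical", "red"),
]


def extract_ids(text):
    """Return the unique identifiers found in free text, normalised, in order."""
    found = {}
    for match in ID_RE.finditer(text.translate(DASHES)):
        found.setdefault(match.group(1).upper(), None)
    return list(found)


def cvss_band(score):
    """Map a CVSS score to (severity, colour); None when outside every band."""
    if score is None:
        return None
    score = round(float(score), 1)  # CVSS scores carry one decimal place
    for low, high, name, colour in BANDS:
        if low <= score <= high:
            return name, colour
    return None  # assumption: 0.0 and out-of-range scores get no colour


def filter_catalogue(catalogue, text, detected_only=False):
    """Build table rows for the identifiers pasted into the filter field."""
    rows = []
    for vuln_id in extract_ids(text):
        entry = catalogue.get(vuln_id)
        row = {
            "id": vuln_id,
            "in_catalogue": entry is not None,
            "detected": bool(entry and entry["detected"]),
            "band": cvss_band(entry["cvss"]) if entry else None,
        }
        if detected_only and not row["detected"]:
            continue  # mirrors the "Only detected vulnerabilities" checkbox
        rows.append(row)
    return rows


# Constructed sample data: placeholder identifiers and scores, not real records.
SAMPLE_CATALOGUE = {
    "CVE-2099-00001": {"cvss": 9.8, "detected": True},
    "BDU:2099-00002": {"cvss": 6.9, "detected": False},
}
SAMPLE_TEXT = (
    "Scan note: db01 is affected by cve\u20112099\u201100001 and BDU:2099-00002; "
    "retest CVE-2099-00001 and CVE-2099-123456. Ticket REFCVE-2099-0003 is unrelated."
)

if __name__ == "__main__":
    for row in filter_catalogue(SAMPLE_CATALOGUE, SAMPLE_TEXT):
        print(row)
```

Identifiers that parse correctly but are missing from the catalogue are kept in the result with `in_catalogue` set to false, so a typo or a not-yet-synchronised record is visible instead of silently dropped.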
MITRE ATT&CK, FSTEC BDU, New FSTEC BDU
Data from the MITRE ATT&CK, FSTEC BDU and New FSTEC BDU catalogues can be used to add context to a risk in the Risks module.
Each of these catalogues is built on its own data schema, which does not match the risk assessment approach used in the service. At their core, however, these bases describe the same information security risks, each from its own angle. They have therefore been added to the service both as separate components and as a basis for creating risks, threats or vulnerabilities.
The catalogues can be used in the service to:
- Simplify the process of creating risks, threats and vulnerabilities;
- Enrich the information on risks (threats, vulnerabilities) created in the service;
- Look at the company and its risk assessment through public threat catalogues.
The service lets you link objects from the catalogues to 3 types of service objects: threats, vulnerabilities or security risks:
- Vulnerabilities can be linked to FSTEC BDU threats, ATT&CK techniques and New FSTEC BDU methods of implementation.
- Threats can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats and consequences.
- Risks can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats, methods of implementation and consequences.
This wide choice of possible links exists because objects from the threat catalogues can be either a threat or a vulnerability in the context of the service.
For example, УБИ.004 Threat of a hardware reset of the BIOS password from the FSTEC BDU is, in the context of the service, a vulnerability: a property of assets of the Firmware type that can lead to the realization of the threat Unauthorized local access to the BIOS.
In most cases, threats from the FSTEC BDU and techniques from MITRE ATT&CK are in fact vulnerabilities whose exploitation leads to the realization of security threats, but there are exceptions.
For risks, threats and vulnerabilities from the Community base, the links to the threat catalogues are already established.
A link to a threat catalogue can be direct or indirect. For example, if a vulnerability is linked to a threat from the FSTEC BDU, then all risks that include this vulnerability are automatically linked to that FSTEC BDU threat.
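The linking rules and the direct/indirect distinction described above can be modelled in a few lines. This is an added example, not the service's implementation: the class, the kind names, the object ids (`V-BIOS-RESET`, `R-1` and so on) and the technique id `T-PLACEHOLDER` are hypothetical; only УБИ.004 and the allowed link combinations come from the text.

```python
from collections import defaultdict

# Catalogue object kinds that each service object type may be linked to.
ALLOWED_LINKS = {
    "vulnerability": {"bdu_threat", "attack_technique", "new_bdu_method"},
    "threat": {"bdu_threat", "attack_technique",
               "new_bdu_threat", "new_bdu_consequence"},
    "risk": {"bdu_threat", "attack_technique", "new_bdu_threat",
             "new_bdu_method", "new_bdu_consequence"},
}


class CatalogueLinks:
    """Stores direct links and derives the indirect ones for risks."""

    def __init__(self):
        self._links = defaultdict(set)       # (obj_type, obj_id) -> {(kind, id)}
        self._risk_vulns = defaultdict(set)  # risk_id -> {vuln_id}

    def link(self, obj_type, obj_id, kind, catalogue_id):
        allowed = ALLOWED_LINKS.get(obj_type)
        if allowed is None:
            raise ValueError(f"unknown object type: {obj_type}")
        if kind not in allowed:
            raise ValueError(f"a {obj_type} cannot be linked to {kind}")
        self._links[(obj_type, obj_id)].add((kind, catalogue_id))

    def add_vulnerability(self, risk_id, vuln_id):
        self._risk_vulns[risk_id].add(vuln_id)

    def risk_links(self, risk_id):
        """Return {(kind, catalogue_id): origin}; a direct link wins over an inherited one."""
        links = {l: "direct" for l in self._links.get(("risk", risk_id), ())}
        for vuln_id in sorted(self._risk_vulns.get(risk_id, ())):
            for l in self._links.get(("vulnerability", vuln_id), ()):
                links.setdefault(l, "indirect via " + vuln_id)
        return links

    def risks_for(self, kind, catalogue_id):
        """Reverse lookup: risks that reach a catalogue object directly or indirectly."""
        risk_ids = {oid for (otype, oid) in self._links if otype == "risk"}
        risk_ids |= set(self._risk_vulns)
        return sorted(r for r in risk_ids
                      if (kind, catalogue_id) in self.risk_links(r))


def build_sample():
    """Constructed sample data built around the УБИ.004 example in the text."""
    store = CatalogueLinks()
    store.link("vulnerability", "V-BIOS-RESET", "bdu_threat", "УБИ.004")
    store.add_vulnerability("R-1", "V-BIOS-RESET")
    store.add_vulnerability("R-2", "V-BIOS-RESET")
    store.link("risk", "R-1", "attack_technique", "T-PLACEHOLDER")
    store.link("risk", "R-2", "bdu_threat", "УБИ.004")  # direct and inherited
    store.link("risk", "R-3", "new_bdu_consequence", "NP-PLACEHOLDER")
    return store


if __name__ == "__main__":
    s = build_sample()
    for rid in ("R-1", "R-2", "R-3"):
        print(rid, s.risk_links(rid))
    print(s.risks_for("bdu_threat", "УБИ.004"))
```

Every kind a vulnerability may carry is also allowed on a risk, so an inherited link never violates the link rules.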
The FSTEC BDU catalogue is a register of risks from the FSTEC of Russia data bank of information security threats.
Each threat contains a description, recommendations on which asset types the threat can apply to, a classification by information properties, and the likely threat sources. In addition, the Related risks block lists the related risks, and the Catalogues block lists links to records from other catalogues.
The New FSTEC BDU catalogue from the FSTEC of Russia data bank of information security threats contains:
- the Methods of implementation (threat occurrence) matrix - each cell describes an attack surface: the group of methods, the attacker capability level, the threats that can be realized, the components of the targeted objects, and possible protection measures;
- Negative consequences - a list of negative consequences in the FSTEC classification, as a code and a description;
- Threats - a register of threats with descriptions; each threat contains the possible targeted objects and the possible methods of implementing the threat;
- Objects - a list of consequence objects with a description and the components that can be part of the object;
- Components - a list of components of targeted objects, indicating the targeted objects on which they can be located;
- Attackers - attacker capability levels classified by capabilities and competence;
- Protection measures - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities.
The MITRE ATT&CK catalogue contains:
- Matrix - contains the attacker's tactics and techniques and lets you create a risk or a vulnerability from a tactic or technique; the matrix shows links to risks in the Community base and to risks in the team's base;
- Tactics - the directions of the attacker's actions at a given stage of the cyber kill chain;
- Techniques - the specific actions an attacker takes to reach the goal at a specific step of the cyber kill chain;
- Countermeasures - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities;
- Criminal groups - a description of APT groups, their characteristics and behaviour model;
- Tools - software used by attackers for malicious impact.
The matrices can be used to build a heat map of risks overlaid on the matrices of threats and vulnerabilities.
Security Tool Certificates
The Security Tool Certificates catalogue can be used in the Assets module as the source of information for the Security tool certificate number field. The Assets module lets you keep a register of the security tools used in the organization, and the certificate catalogue lets you link an asset to the catalogue through the asset's Security tool certificate number field.
The Security Tool Certificates catalogue contains a register with the certificate number, the certificate validity period and the support period of the security tool. Besides the register, the catalogue contains the following metrics:
- Security tools in use - shows the number of assets whose Security tool certificate number field is filled in;
- Expiring soon - shows the number of assets whose certificate validity period is less than 90 calendar days;
- Expired certificates - shows the number of assets whose certificate validity period has already expired;
- Expired support - shows the number of assets whose certificate validity period has already expired.
Each metric leads to the asset register and shows a list of security tools filtered by the corresponding parameters.
Opening a certificate shows the certificate card; the service stores the following data:
- Certificate number;
- Date of entry in the register;
- Certificate validity period;
- End date of technical support;
- Name of the tool (code);
- Certification scheme;
- Testing laboratory;
- Certification body;
- Applicant;
- Names of the conformity documents;
- Applicant details.
The register is updated automatically once a month.
CWE-862
CWE-862 Missing Authorization
FSTEC vulnerability identifiers
Identifier in the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| BDU:2014-00033 | Vulnerability in the Cisco IOS operating system that allows an attacker to escalate privileges and execute arbitrary code |
| BDU:2018-00869 | Vulnerability in the browser.identity.launchWebAuthFlow function of the WebExtensions extension of the Mozilla Firefox browser that allows an attacker to gain unauthorized access to protected information |
| BDU:2019-03693 | Vulnerability in the UDF subsystem of the "Red Database" and Firebird database management systems that allows an attacker to execute arbitrary code |
| BDU:2019-03811 | Vulnerability in Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization and providing group services, that allows an attacker to write arbitrary files in the operating syst... |
| BDU:2019-04342 | Vulnerability in the DevTools toolset of the Google Chrome browser that allows an attacker to gain unauthorized access to local files |
| BDU:2020-00045 | Vulnerability in the SAP NetWeaver Process Integration enterprise application integration software, related to authorization errors, that allows an attacker to escalate privileges |
| BDU:2020-00569 | Vulnerability in the SAP Leasing software, related to authorization errors, that allows an attacker to escalate privileges |
| BDU:2020-00804 | Vulnerability in the keystore service of the SAP NetWeaver software integration platform that allows an attacker to disclose protected information |
| BDU:2020-00886 | Vulnerability in the web administration interface of the Cisco Identity Services Engine connection policy management platform that allows an attacker to disclose protected information |
| BDU:2020-01324 | Vulnerability in the base_sock_create function in drivers/isdn/mISDN/socket.c of the AF_ISDN module of the Linux kernel, related to insufficient validation of input data, that allows an attacker to affect data integrity |
| BDU:2020-01488 | Vulnerability in the arch/powerpc/kernel/process.c component of the Linux kernel that allows an attacker to affect the confidentiality and availability of protected information |
| BDU:2020-02043 | Vulnerability in ibus, an input system for writing in multiple languages on Unix-like operating systems, that allows an attacker to gain unauthorized access to information and compromise its integrity |
| BDU:2020-03122 | Vulnerability in the Cisco Smart Software Manager On-Prem license administration tool, related to access control flaws, that allows an attacker to create arbitrary user accounts |
| BDU:2020-04370 | Vulnerability in the Windows Mobile Device Management (MDM) Diagnostics component of Windows operating systems that allows an attacker to gain unauthorized access to protected information |
| BDU:2020-04607 | Vulnerability in the web interface of the Cisco IOS XE operating system that allows an attacker to escalate privileges and execute arbitrary code |
| BDU:2020-04947 | Vulnerability in the "file transfer" component of the TIBCO Managed File Transfer Platform Server that allows an attacker to modify arbitrary files |
| BDU:2020-05604 | Vulnerability in the PDFium PDF content handler of the Google Chrome web browser that allows an attacker to gain unauthorized access to protected information |
| BDU:2020-05613 | Vulnerability in the Networking component of the Google Chrome web browser that allows an attacker to escalate privileges |
| BDU:2020-05638 | Vulnerability in the firmware of the SC150 module of the Schneider Electric Easergy T300 modular controller for transformer substation automation, related to incorrect user authorization, that allows an attacker to view and mod... |
| BDU:2020-05760 | Vulnerability in the SAP ERP HCM personnel management software, related to missing authorization, that allows an attacker to escalate privileges |
| BDU:2020-05790 | Vulnerability in the SAP Business Objects Business Intelligence Platform, caused by failure to protect the web page structure, that allows an attacker to carry out XSS attacks |
| BDU:2021-00082 | Vulnerability in the "ALTER ... DEPENDS ON EXTENSION" component of the PostgreSQL database management system that allows an attacker to affect data integrity |
| BDU:2021-00360 | Vulnerability in the browser.tabs.executeScript () function of the WebExtensions extension of the Mozilla Firefox browser that allows an attacker to carry out cross-site scripting attacks |
| BDU:2021-01247 | Vulnerability in the firmware of the ZyXEL P-1302-T10 v3 router, related to flaws in the protection of service data, that allows an attacker to escalate privileges |
| BDU:2021-01448 | Vulnerability in the recv_files function in receiver.c of the Rsync file transfer and synchronization utility that allows an attacker to affect data integrity |
| BDU:2021-01776 | Vulnerability in the scan.c component of the X11vnc VNC server, related to a missing authorization mechanism, that allows an attacker to gain access to confidential data, compromise its integrity and cause a denial of service |
| BDU:2021-02168 | Vulnerability in the Generic Market Data component of the SAP Banking Services banking automation software that allows an attacker to affect the integrity of protected information and disclose it |
| BDU:2021-03168 | Vulnerability in the ContentModelChange function of the MediaWiki hypertext environment software that allows an attacker to affect the integrity of protected information |
| BDU:2021-03300 | Vulnerability in the shared/view_source.php component of the OpenClinic medical records management software that allows an attacker to execute arbitrary code |
| BDU:2021-03443 | Vulnerability in the RTAS component of the Linux kernel, related to a missing authorization mechanism, that allows an attacker to gain access to confidential data, compromise its integrity and cause a denial of service |
| BDU:2021-04000 | Vulnerability in the Ehcache RMI network service of the Jira Data Center, Jira Core Data Center and Jira Software Data Center data processing products that allows an attacker to execute arbitrary code |
| BDU:2021-04237 | Vulnerability in the notifyProfileAdded and notifyProfileRemoved functions of the Android operating system that allows an attacker to disclose protected information |
| BDU:2021-04582 | Vulnerability in the proxy65 component of the Prosody Jabber/XMPP server, related to a missing authorization mechanism, that allows an attacker to cause a denial of service |
| BDU:2021-04592 | Vulnerability in the Libvirt virtualization management library, related to authorization errors, that allows an attacker to cause a denial of service |
| BDU:2021-04656 | Vulnerability in GitLab, a git-based platform for collaborative work on code, related to authorization errors, that allows an attacker to affect data integrity |
| BDU:2021-04813 | Vulnerability in the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller), the Citrix Gateway virtual environment access control system (formerly Citrix NetScaler Gateway) and the network management software Citr... |
| BDU:2021-04975 | Vulnerability in the JMS Connector Service of the SAP NetWeaver Java Application Server web application server that allows an attacker to bypass existing security restrictions or execute arbitrary code |
| BDU:2021-06095 | Vulnerability in the cgi-bin/upload_firmware.cgi component of the firmware of the D-Link DIR-823G router that allows an attacker to cause a denial of service |
| BDU:2021-06110 | Vulnerability in the Jenkins automation server, related to a missing authorization procedure, that allows an attacker to create parent directories in FilePathmkdirs |
| BDU:2021-06207 | Vulnerability in the J-Web interface of Junos OS operating systems that allows an attacker to bypass security restrictions |
| BDU:2021-06221 | Vulnerability in the FilePathlistFiles component of the Jenkins automation server, related to a missing authorization procedure, that allows an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2021-06222 | Vulnerability in the FilePathreading(FileVisitor) component of the Jenkins automation server that allows an attacker to have unrestricted read access to files using certain operations |
| BDU:2021-06271 | Vulnerability in the Jenkins automation server, related to a missing authorization procedure, that allows an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2021-06323 | Vulnerability in the firmware of the WISE-4060 and Adam-6050 D Ethernet modules, related to flaws in the checks on current password input, that allows an attacker to gain full access to the device with administrator privileges |
| BDU:2022-00040 | Vulnerability in the Jenkins automation server, related to a missing authorization procedure, that allows an attacker to affect the confidentiality and integrity of protected information |
| BDU:2022-00173 | Vulnerability in the 1905 daemon of the firmware of MediaTek MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 chips that allows an attacker to cause a denial of service |
| BDU:2022-00682 | Vulnerability in the KVM virtualization subsystem of the Linux kernel, related to access control flaws, that allows an attacker to escalate privileges |
| BDU:2022-00683 | Vulnerability in the Linux kernel, related to access control flaws, that allows an attacker to escalate privileges |
| BDU:2022-00879 | Vulnerability in the Zabbix universal monitoring system, related to authorization errors, that allows an attacker to execute arbitrary code with root privileges |
| BDU:2022-01056 | Vulnerability in the Apache ShenYu software, related to missing authorization for a critical function, that allows an attacker to bypass the security restrictions in place |
| BDU:2022-01057 | Vulnerability in the Apache ShenYu software, related to missing authorization for a critical function, that allows an attacker to bypass the security restrictions in place |
| BDU:2022-01781 | Vulnerability in the net/http/httputil component of the Golang programming language that allows an attacker to affect data integrity |
| BDU:2022-02440 | Vulnerability in the Atlassian Confluence Server web server, related to authorization errors, that allows an attacker to read arbitrary files |
| BDU:2022-02482 | Vulnerability in the web interface of the firmware of Cisco Small Business RV340, RV340W, RV345, RV345P routers that allows an attacker to escalate privileges to root |
| BDU:2022-03004 | Vulnerability in the PTRACE_SEIZE system call of the seccomp secure computing mode of the Linux kernel that allows an attacker to escalate privileges |
| BDU:2022-03018 | Vulnerability in the RubyGems.org hosting service, related to authorization errors, that allows an attacker to gain access to create, modify or delete data |
| BDU:2022-04059 | Vulnerability in the web management interface of the Cisco AppDynamics Controller software that allows an attacker to disclose protected information and escalate privileges |
| BDU:2022-04234 | Vulnerability in the Video Station photo album creation application, related to flaws in the authorization procedure, that allows an attacker to escalate privileges |
| BDU:2022-04332 | Vulnerability in the TUG Home Base Server, related to flaws in the authorization procedure, that allows an attacker to add and delete arbitrary users |
| BDU:2022-04333 | Vulnerability in the TUG Home Base Server, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to hashed credentials |
| BDU:2022-04364 | Vulnerability in the firmware of Siemens SICAM remote terminal units, related to flaws in the authorization procedure, that allows an attacker to read arbitrary files |
| BDU:2022-04841 | Vulnerability in the Jenkins Buckminster Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04842 | Vulnerability in the Jenkins Lucene-Search Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04844 | Vulnerability in the Jenkins Openstack Heat Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04845 | Vulnerability in the Jenkins Openstack Heat Plugin, related to flaws in the authorization procedure, that allows an attacker to spoof a URL |
| BDU:2022-04846 | Vulnerability in the Jenkins Google Cloud Backup Plugin, related to flaws in the authorization procedure, that allows an attacker to copy arbitrary files |
| BDU:2022-04847 | Vulnerability in the Jenkins Files Found Trigger Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04849 | Vulnerability in the Jenkins Coverity Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04853 | Vulnerability in the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04855 | Vulnerability in the Jenkins Coverity Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04858 | Vulnerability in the Jenkins OpenShift Deployer Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04860 | Vulnerability in the Jenkins Repository Connector Plugin, related to flaws in the authorization procedure, that allows an attacker to disclose information about credential identifiers |
| BDU:2022-04864 | Vulnerability in the Jenkins Deployer Framework Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04866 | Vulnerability in the Jenkins Compuware Xpediter Code Coverage Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04867 | Vulnerability in the Jenkins Compuware ISPW Operations Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04868 | Vulnerability in the Jenkins rhnpush-plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04869 | Vulnerability in the Jenkins HashiCorp Vault Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04871 | Vulnerability in the Jenkins Repository Connector Plugin, related to flaws in the authorization procedure, that allows an attacker to disclose protected information about the file system |
| BDU:2022-04874 | Vulnerability in the Jenkins rpmsign-plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04875 | Vulnerability in the Jenkins Compuware Topaz Utilities Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-04939 | Vulnerability in the SAP Enable Now Manager platform, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information and compromise its integrity |
| BDU:2022-05210 | Vulnerability in the Uninstall Protection function of the CrowdStrike Falcon endpoint protection software that allows an attacker to remove the CrowdStrike software |
| BDU:2022-05213 | Vulnerability in the Illumina Local Run Manager software, related to a missing authorization procedure, that allows an attacker to inject, replay, modify and/or intercept confidential data |
| BDU:2022-05498 | Vulnerability in the Rsync file transfer and synchronization utility, related to authorization errors, that allows an attacker to write arbitrary files |
| BDU:2022-05538 | Vulnerability in the SAP Enterprise Extension Defense Forces Public Security software, related to authorization errors, that allows an attacker to escalate privileges |
| BDU:2022-05608 | Vulnerability in the Build Handler component of the Jenkins Git Plugin, related to authorization errors, that allows an attacker to bypass the security restrictions in place and escalate privileges |
| BDU:2022-05669 | Vulnerability in the Application Business Partner Extension component of the SAP S/4HANA software platform that allows an attacker to escalate privileges |
| BDU:2022-06104 | Vulnerability in the Xen hypervisor, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-06174 | Vulnerability in the Firefox for iOS browser, related to authorization errors, that allows an attacker to gain unauthorized access to protected information |
| BDU:2022-06329 | Vulnerability in the Jenkins OpenShift Deployer Plugin, related to authorization errors, that allows an attacker to bypass existing security restrictions and escalate privileges |
| BDU:2022-06702 | Vulnerability in the function for changing the web interface access password of Siemens SCALANCE and RUGGEDCOM industrial switches that allows an attacker to escalate privileges |
| BDU:2022-07249 | Vulnerability in the Controller File System Handler component of the Jenkins OpenShift Deployer Plugin that allows an attacker to bypass the security restrictions in place and escalate privileges |
| BDU:2023-00047 | Vulnerability in the Jenkins extreme-feedback Plugin, related to a missing permission check in the plugin, that allows an attacker to affect the confidentiality and integrity of protected information |
| BDU:2023-00049 | Vulnerability in the Jenkins Tuleap Git Branch Source Plugin, related to flaws in the authorization procedure, that allows an attacker to gain unauthorized access to protected information |
| BDU:2023-00641 | Vulnerability in Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, that allows an attacker to escalate privileges |
| BDU:2023-01079 | Vulnerability in the shell_exec() function of the ZoneMinder video surveillance software that allows an attacker to execute arbitrary code |
| BDU:2023-01289 | Vulnerability in the SAP NetWeaver AS ABAP and SAP NetWeaver ABAP software integration platforms, related to improper limitation of a pathname to a restricted directory, that allows an attacker to overwrite arbitrary files |
| BDU:2023-01385 | Уязвимость системы мониторинга критически важного оборудования StruxureWare Data Center Expert, связанная с недостатками процедуры авторизации, позволяющая нарушителю выполнять несанкционированные функции, изменять или удалять произвольный контент |
| BDU:2023-01480 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю выполнить произвольные действия |
| BDU:2023-01481 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED Siemens RUGGEDCOM CROSSBOW, позволяющая нарушителю повысить свои привилегии |
| BDU:2023-01482 | Уязвимость обработчика клиентских запросов системы безопасного управления доступом к IED RUGGEDCOM CROSSBOW, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации |
| BDU:2023-01773 | Уязвимость службы Kubernetes облачной платформы Red Hat OpenShift Data Science (RHODS), позволяющая нарушителю отправлять произвольные API-запросы |
| BDU:2023-02023 | Уязвимость загрузчика GRand Unified Bootloader (GRUB) операционной системы Cisco IOS XR маршрутизаторов Network Convergence System 540 Series и Cisco 9000 Series, позволяющая нарушителю выполнить произвольный код |
| BDU:2023-03013 | Vulnerability in the Jenkins Cisco Spark Notifier Plugin, related to flaws in access control, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-03078 | Vulnerability in the authorize.conf configuration file of the Splunk Enterprise operational analytics platform, allowing an attacker to escalate privileges |
| BDU:2023-03521 | Vulnerability in the EMUI shell of the HarmonyOS operating system, related to flaws in the authorization procedure, allowing an attacker to trigger the display of advertisements or other random windows at arbitrary times |
| BDU:2023-04017 | Vulnerability in the local storage (localstorage) of the Mozilla Firefox browser, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-04078 | Vulnerability in the createUser function of the ProSafe Network Management NMS300 system for managing, diagnosing and optimizing network devices, allowing an attacker to escalate privileges |
| BDU:2023-04089 | Vulnerability in the GLPI ticketing, incident and computer equipment inventory system, related to flaws in the authentication procedure, allowing an attacker to disclose protected information |
| BDU:2023-04308 | Vulnerability in the bluetooth service of Unisoc chipset firmware, related to a missing permission check, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-04311 | Vulnerability in the bluetooth service of Unisoc chipset firmware, related to a missing permission check, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-04329 | Vulnerability in the web interface of the firmware of VMware SD-WAN Edge centralized network management devices, allowing an attacker to bypass security restrictions and gain read, modify or delete access to data |
| BDU:2023-04559 | Vulnerability in the SAP NetWeaver AS ABAP and SAP NetWeaver ABAP software integration platforms, related to flaws in the authorization procedure, allowing an attacker to escalate privileges and gain unauthorized access to protected information |
| BDU:2023-04595 | Vulnerability in the EventON Lite plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-04702 | Vulnerability in the Sitemap by click5 plugin for the WordPress content management system, allowing an attacker to create an account with administrator rights and carry out a CSRF attack |
| BDU:2023-04921 | Vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels for controlling and monitoring processes in industrial systems, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to... |
| BDU:2023-04931 | Vulnerability in the firmware of PHOENIX CONTACT WP 6xxx web panels for controlling and monitoring processes in industrial systems, related to flaws in the authorization procedure, allowing an attacker to affect integrity and... |
| BDU:2023-05010 | Vulnerability in the SAP BW BI Consumer Service (BICS) of the SAP Business Warehouse and SAP BW/4HANA data management and analytics system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-05273 | Vulnerability in the XWiki Platform XWiki collaborative web application platform, related to authorization errors, allowing an attacker to execute an arbitrary web script with elevated privileges |
| BDU:2023-05986 | Vulnerability in the OpenEMR medical organization management software, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06076 | Vulnerability in the Docker Desktop platform for developing and delivering containerized applications, related to flaws in the authorization procedure, allowing an attacker to obtain full administrator rights |
| BDU:2023-06214 | Vulnerability in the kernel of the EMUI shell of the HarmonyOS operating system, allowing an attacker to affect the confidentiality and integrity of data |
| BDU:2023-06416 | Vulnerability in the restore_settings function of the Comments Like Dislike plugin for the WordPress content management system, allowing an attacker to affect data integrity |
| BDU:2023-06457 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06476 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06477 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06479 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06480 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06481 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06482 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06483 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06485 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06486 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-06487 | Vulnerability in Acronis Agent, software for backing up and restoring data on computers and servers, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06492 | Vulnerability in the Acronis Cyber Protect Home Office data backup and recovery tool, related to authorization errors, allowing an attacker to escalate privileges |
| BDU:2023-06709 | Vulnerability in the Jenkins Fortify Plugin, related to authorization errors, allowing an attacker to gain access to another user's session |
| BDU:2023-06945 | Vulnerability in the Withholding Tax Items component of the SAP S/4HANA software platform, allowing an attacker to escalate privileges |
| BDU:2023-07139 | Vulnerability in the WebTutor software, related to missing authorization, allowing an attacker to execute arbitrary code |
| BDU:2023-07391 | Vulnerability in the SAP CommonCryptoLib library, related to flaws in the authorization procedure, allowing an attacker to read, modify or delete restricted data |
| BDU:2023-07398 | Vulnerability in the GitLab Enterprise Edition git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to run pipeline jobs as an arbitrary user |
| BDU:2023-07528 | Vulnerability in the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta and pmdm_wp_ajax_delete_meta functions of the Post Meta Data Manager plugin for the WordPress content management system, allowing an attacker to delete arbitrary user metadata |
| BDU:2023-07529 | Vulnerability in the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions of the Post Meta Data Manager plugin for the WordPress content management system, allowing an attacker to escalate privileges |
| BDU:2023-08031 | Vulnerability in the application programming interface implementation of the JumpServer operations and maintenance security audit system, allowing an attacker to bypass the authentication process |
| BDU:2023-08356 | Vulnerability in the admin_init() function of the Swift Performance Lite plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-08538 | Vulnerability in the Hazelcast data analytics platform, related to flaws in the authorization procedure, allowing an attacker to perform arbitrary actions |
| BDU:2023-08588 | Vulnerability in the Skupper package of the Red Hat Service Interconnect software, allowing an attacker to gain unauthorized access to protected information |
| BDU:2023-08669 | Vulnerability in the WebSocket technology of the Quarkus Java framework, allowing an attacker to gain unauthorized access to protected information and escalate privileges |
| BDU:2023-08975 | Vulnerability in the User Post Gallery plugin for the WordPress content management system, allowing an attacker to execute arbitrary code |
| BDU:2024-00143 | Vulnerability in the SocketService module of the Voltronic Power ViewPower Pro uninterruptible power supply management software, allowing an attacker to cause a denial of service |
| BDU:2024-00423 | Vulnerability in the public_website() function of the Hostinger plugin for the WordPress content management system, allowing an attacker to escalate privileges |
| BDU:2024-00504 | Vulnerability in the NEXO-OS operating system of the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner production-line assembly tools, allowing an attacker to upload arbitrary files |
| BDU:2024-00506 | Vulnerability in the NEXO-OS operating system of the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner production-line assembly tools, allowing an attacker to read arbitrary files |
| BDU:2024-00631 | Vulnerability in the POST SMTP Mailer plugin for the WordPress content management system, allowing an attacker to reset the API key and gain unauthorized access to protected information |
| BDU:2024-00745 | Vulnerability in the save_management_settings() function of the InstaWP Connect plugin for the WordPress content management system, allowing an attacker to gain read, modify or delete access to data |
| BDU:2024-00753 | Vulnerability in Airflow, software for creating, monitoring and orchestrating data processing workflows, related to missing authorization, allowing an attacker to gain access to DAG source code |
| BDU:2024-01136 | Vulnerability in the ActivityPub plugin for the WordPress content management system, allowing an attacker to perform unauthorized functions, modify or delete arbitrary content |
| BDU:2024-01180 | Vulnerability in the Poly Lens application interface of Poly Trio conference phones and speaker systems, allowing an attacker to escalate privileges |
| BDU:2024-01268 | Vulnerability in the XWiki Platform XWiki collaborative web application platform, related to authorization errors, allowing an attacker to edit an arbitrary document |
| BDU:2024-01993 | Vulnerability in the JetBrains YouTrack project and task management software, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to a project |
| BDU:2024-02115 | Vulnerability in the Podlove Web Player plugin for the WordPress content management system, related to flaws in the authorization procedure, allowing an attacker to affect the integrity and confidentiality of protected information |
| BDU:2024-02556 | Vulnerability in Ray, a framework for scaling AI and Python applications, related to flaws in the authorization procedure, allowing an attacker to read arbitrary files in the /static/ directory |
| BDU:2024-02669 | Vulnerability in the Client application programming interface implementation of Ray, a framework for scaling AI and Python applications, allowing an attacker to execute arbitrary commands |
| BDU:2024-02952 | Vulnerability in the Acronis Cyber Protect Cloud cloud data protection software, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-03017 | Vulnerability in the Enter Package Data component of SAP Group Reporting Data Collection, software for collecting business financial data, allowing an attacker to escalate privileges and affect data integrity |
| BDU:2024-03356 | Vulnerability in the tutor_delete_announcement() function of the Tutor LMS plugin for the WordPress content management system, allowing an attacker to escalate privileges |
| BDU:2024-03358 | Vulnerability in the hide_notices() function of the Tutor LMS plugin for the WordPress content management system, allowing an attacker to gain read and modify access to data |
| BDU:2024-03374 | Vulnerability in the wpa_check_authentication() function of the Analytify plugin for the WordPress content management system, allowing an attacker to change the site's Google Analytics tracking ID |
| BDU:2024-03375 | Vulnerability in the update_form() function of the Admin Bar Editor plugin for the WordPress content management system, allowing an attacker to enable or disable the admin bar on the site's front end |
| BDU:2024-03569 | Vulnerability in the pg_stats_ext, pg_stats_ext_exprs system views of the PostgreSQL DBMS, allowing an attacker to escalate privileges |
| BDU:2024-04265 | Vulnerability in the My Overtime Request component of the SAP Fiori business application design platform, allowing an attacker to escalate privileges and gain unauthorized access to protected information |
| BDU:2024-04306 | Vulnerability in the SAP Master Data Governance data management platform, related to a missing authorization procedure, allowing an attacker to escalate privileges and disclose protected information |
| BDU:2024-04307 | Vulnerability in the SAP Bank Account Management (BAM) bank account management tool, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-04427 | Vulnerability in the postx_presets_callback() function of the PostX plugin for the WordPress content management system, allowing an attacker to escalate privileges and gain read, modify or delete access to data |
| BDU:2024-04596 | Vulnerability in the Siemens RUGGEDCOM CROSSBOW secure access management system for IEDs, allowing an attacker to execute arbitrary code |
| BDU:2024-04644 | Vulnerability in the implementation of the single sign-on (SAML) module for VPN remote access services in the firmware of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls, allowing an attacker to... |
| BDU:2024-04740 | Vulnerability in the System webapi component of the Surveillance Station video surveillance application, allowing an attacker to escalate privileges |
| BDU:2024-05079 | Vulnerability in the Manage Incoming Payment Files component of the SAP S/4HANA software platform, allowing an attacker to affect the integrity of protected information |
| BDU:2024-05090 | Vulnerability in the implementation of the Transformation and Data Transfer Process (DTP) of the SAP BW/4HANA data management and analytics system, allowing an attacker to escalate privileges |
| BDU:2024-05100 | Vulnerability in SAP Student Life Cycle Management (SLcM), a system for managing the student life cycle in higher education institutions, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-05213 | Vulnerability in the Text Services Framework programming interface of Windows operating systems, allowing an attacker to escalate privileges |
| BDU:2024-05255 | Vulnerability in the Single sign-on (SSO) authentication mechanism of the GitLab Duo Chat web interface of the GitLab git-based code collaboration platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-05346 | Vulnerability in the JetBrains YouTrack project and task management software, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-05350 | Vulnerability in the Auto-attach Option Handler component of the JetBrains YouTrack project and task management software, allowing an attacker to enable the option of automatic attachment to workflows |
| BDU:2024-06241 | Vulnerability in the single sign-on (SSO) functionality of the SAP BusinessObjects Business Intelligence platform, allowing an attacker to gain full access to the device |
| BDU:2024-06311 | Vulnerability in the org.xwiki.platform:xwiki-platform-oldcore component of the XWiki Platform XWiki collaborative web application platform, allowing an attacker to execute arbitrary code |
| BDU:2024-06700 | Vulnerability in the Firefox and Firefox ESR browsers, related to the absence of a confirmation dialog when opening the Usenet-related schemes "news:" and "snews:", allowing an attacker to load an arbitrary application and execute arbitrary code |
| BDU:2024-07027 | Vulnerability in the Bash command shell of the Cisco NX-OS operating system for Cisco Nexus 3000 and Nexus 9000 switches, allowing an attacker to execute arbitrary commands |
| BDU:2024-07036 | Vulnerability in the InPost plugin for WooCommerce and the InPost PL plugin for WordPress, allowing an attacker to execute arbitrary code |
| BDU:2024-07043 | Vulnerability in the SAP Shared Service Framework network services management software, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-07623 | Vulnerability in the Blink component of the Google Chrome web browser, allowing an attacker to gain access to confidential data |
| BDU:2024-08045 | Vulnerability in the SAP NetWeaver AS ABAP and SAP NetWeaver AS for Java software integration platforms, the SAP Content Server content server and the SAP Web Dispatcher, related to flaws in the authorization procedure, allowing an attacker to... |
| BDU:2024-08046 | Vulnerability in SAP Student Life Cycle Management (SLcM), a system for managing the student life cycle in higher education institutions, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-08048 | Vulnerability in the SAP Shared Service Framework network services management software, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-08159 | Vulnerability in the Web Server component of the Oracle BI Publisher reporting tool, allowing an attacker to gain full control over the application |
| BDU:2024-08256 | Vulnerability in the Item Catalog component of the Oracle Product Hub data management tool of the Oracle E-Business Suite enterprise automation system, allowing an attacker to gain access to modify, add and delete data |
| BDU:2024-08297 | Vulnerability in the Quality Manager Specification component of the Oracle Process Manufacturing (OPM) Product Development process management application of the Oracle E-Business Suite enterprise automation system, allowing an attacker to... |
| BDU:2024-08492 | Vulnerability in the SplunkDeploymentServerConfig component of the Splunk Enterprise operational analytics platform, allowing an attacker to disclose protected information |
| BDU:2024-08542 | Vulnerability in the interface of the JetBrains YouTrack project and task management software, allowing an attacker to escalate privileges |
| BDU:2024-08549 | Vulnerability in the GitLab git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-08571 | Vulnerability in the OSB Core Functionality component of Oracle Service Bus (OSB), an integration platform for managing, routing and processing messages between applications and services, allowing an attacker to gain unauthorized access to protected... |
| BDU:2024-08829 | Vulnerability in the Microsoft Dataverse data management platform, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-08899 | Vulnerability in the configuration settings of the /api/configs directory of the Nginx UI user interface for the nginx server, allowing an attacker to read arbitrary files |
| BDU:2024-08941 | Vulnerability in the Real-Time Streaming Protocol (RTSP) implementation in the firmware of the D3D Security IP Camera D8801 network IP camera, allowing an attacker to gain access to the video stream |
| BDU:2024-09069 | Vulnerability in the SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms, related to flaws in the authorization procedure, allowing an attacker to affect the confidentiality of protected information |
| BDU:2024-09079 | Vulnerability in the JetBrains Hub account management software, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-09283 | Vulnerability in the firmware of D-Link DIR-823G routers, related to insufficient protection of service data, allowing unauthorized access to protected information |
| BDU:2024-09318 | Vulnerability in Schneider Electric EcoStruxure IT Gateway, software for communicating with monitored devices, related to a missing authorization procedure, allowing an attacker to gain full access to the vulnerable software |
| BDU:2024-09425 | Vulnerability in the Moodle virtual learning environment, related to missing authorization, allowing an attacker to delete data |
| BDU:2024-09430 | Vulnerability in GitHub Enterprise Server, the enterprise version of the GitHub platform, related to flaws in the authorization procedure, allowing an attacker to gain access to confidential data |
| BDU:2024-10174 | Vulnerability in the CMDaemon component of NVIDIA Base Command Manager, software for workload management and infrastructure monitoring, allowing an attacker to execute arbitrary code |
| BDU:2024-10212 | Vulnerability in the application programming interface implementation of the Cisco Nexus Dashboard Fabric Controller (NDFC) network resource management platform, related to missing authorization, allowing an attacker to affect the integrity of protected... |
| BDU:2024-10214 | Vulnerability in the application programming interface implementation of Cisco Nexus Dashboard, a platform for analytics and automation of multi-cloud data center networks, related to missing authorization, allowing an attacker to affect the integrity... |
| BDU:2024-10215 | Vulnerability in the application programming interface implementation of the Cisco Nexus Dashboard Fabric Controller (NDFC) network resource management platform, related to missing authorization, allowing an attacker to affect the integrity and availability... |
| BDU:2024-10261 | Vulnerability in the Moodle virtual learning environment, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to system elements |
| BDU:2024-10271 | Vulnerability in the Socket Intercept Command File Interface component of the Juniper Networks Junos OS Evolved operating system, allowing an attacker to escalate privileges |
| BDU:2024-10422 | Vulnerability in Dell Wyse Management Suite, a hybrid cloud solution for thin client management, related to a missing authorization procedure, allowing an attacker to cause a denial of service and delete arbitrary files |
| BDU:2024-10538 | Vulnerability in the GitLab EE/CE git-based code collaboration platform, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-10542 | Vulnerability in the SAP NetWeaver AS Java software integration platform, related to a missing authorization procedure, allowing an attacker to affect the confidentiality and integrity of protected information |
| BDU:2024-10549 | Vulnerability in the Spam protection, AntiSpam, FireWall anti-spam modules of the CleanTalk plugin for the WordPress content management system, related to flaws in the authorization procedure, allowing an attacker to execute arbitrary code |
| BDU:2024-10856 | Vulnerability in the JetBrains YouTrack project and task management software, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-10867 | Vulnerability in the JetBrains YouTrack project and task management software, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2024-10998 | Vulnerability in the HTTP GET method of Dell OpenManage Server Administrator (OMSA), software for one-to-one systems management, allowing an attacker to escalate privileges |
| BDU:2024-11009 | Vulnerability in SAP Human Capital Management (HCM), software for managing an organization's human capital resources, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-11217 | Vulnerability in the Veeam Backup Enterprise Manager management service of Veeam Backup Replication, a tool for protecting cloud, virtual and physical systems, allowing an attacker to escalate privileges and cause a denial of service |
| BDU:2024-11244 | Vulnerability in the hyperconverged infrastructure of the Microsoft Azure Stack (HCI) hardware and software platform, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-11260 | Vulnerability in the wpforms_is_admin_page() function of the WPForms plugin for the WordPress content management system, allowing an attacker to gain unauthorized read and modify access to data |
| BDU:2024-11276 | Vulnerability in the Veeam Agent for Linux data backup tool, related to a missing authorization procedure, allowing an attacker to escalate privileges to root level |
| BDU:2024-11299 | Vulnerability in Geovision GV-ASManager, software for managing an access control system, related to a missing authorization procedure, allowing an attacker to disclose protected information |
| BDU:2024-11300 | Vulnerability in the StylemixThemes eRoom - Zoom Meetings Webinar plugin for the WordPress content management system, allowing an attacker to escalate privileges |
| BDU:2024-11316 | Vulnerability in the permission_callback function of the Hunk Companion plugin for the WordPress content management system, allowing an attacker to carry out a cross-site scripting (XSS) attack |
| BDU:2024-11402 | Vulnerability in SAP NetWeaver Application Server ABAP, software for developing and running ABAP applications, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2024-11496 | Vulnerability in the Mattermost instant messaging application, related to a missing authorization procedure, allowing an attacker to delete an arbitrary message |
| BDU:2024-11624 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to missing authorization, allowing an attacker to affect the integrity of protected information |
| BDU:2024-11637 | Vulnerability in the Advanced Payment Management component of the SAP S/4HANA Finance financial management software, allowing an attacker to escalate privileges |
| BDU:2024-11638 | Vulnerability in SAP Enable Now, software for creating and managing training materials, related to flaws in the authorization procedure, allowing an attacker to escalate privileges and gain unauthorized access to protected information |
| BDU:2025-00253 | Vulnerability in the Open Social module of the Drupal CMS, related to flaws in the authorization procedure, allowing an attacker to bypass security restrictions and carry out a forceful browsing attack (Forceful Browsing) |
| BDU:2025-00259 | Vulnerability in the Download All Files module of the Drupal CMS, related to missing authorization, allowing an attacker to bypass security restrictions and carry out a forceful browsing attack (Forceful Browsing) |
| BDU:2025-00465 | Vulnerability in SAP NetWeaver Application Server ABAP, software for developing and running ABAP applications, related to missing authorization, allowing an attacker to disclose protected information |
| BDU:2025-00701 | Vulnerability in the firmware of Four-Faith F3x24 routers, related to missing authorization, allowing an attacker to execute arbitrary code |
| BDU:2025-00865 | Vulnerability in the Entity Delete Log module of the Drupal CMS, related to incorrect authorization, allowing an attacker to bypass security restrictions and carry out a forceful browsing attack (Forceful Browsing) |
| BDU:2025-01033 | Vulnerability in the SAP NetWeaver Java Application Server web application server, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-01101 | Vulnerability in the /admin/tag/save file of the Jfinal CMS content management system, allowing an attacker to carry out a CSRF attack |
| BDU:2025-01196 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, allowing an attacker to gain access to confidential information |
| BDU:2025-01262 | Vulnerability in the WebKit component of the Safari browser on the macOS, iOS, iPadOS, tvOS, visionOS operating systems, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-01285 | Vulnerability in the Design Tools SEC component of the JD Edwards EnterpriseOne Tools enterprise resource management system, allowing an attacker to gain read, modify, add or delete access to data |
| BDU:2025-01306 | Vulnerability in the SAP Document Builder document creation and management tool, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-01370 | Vulnerability in the Password Autofill component of the visionOS, iOS, iPadOS, MacOS and watchOS operating systems, allowing an attacker to read and write arbitrary files |
| BDU:2025-01382 | Vulnerability in macOS operating systems, related to missing authorization, allowing an attacker to disclose protected information |
| BDU:2025-01644 | Vulnerability in the OSB Core Functionality component of Oracle Service Bus (OSB), an integration platform for managing, routing and processing messages between applications and services, allowing an attacker to gain unauthorized access to protected... |
| BDU:2025-02154 | Vulnerability in the Hitachi Vantara Pentaho Business Analytics Server business analytics server, related to missing authorization, allowing an attacker to disclose protected information or cause a denial of service |
| BDU:2025-02195 | Vulnerability in the Delegated License Service (DLS) virtual appliance component of the NVIDIA licensing system, allowing an attacker to gain unauthorized access to protected information and cause a denial of service |
| BDU:2025-03141 | Vulnerability in the GitLab git-based code collaboration platform, related to a missing authorization procedure, allowing an attacker to change the status of tasks in public projects |
| BDU:2025-03174 | Vulnerability in the Service Layer component of the SAP Business One enterprise resource management system, allowing an attacker to escalate privileges and gain read, modify and/or add access to data |
| BDU:2025-03176 | Vulnerability in the Process Chains component of the SAP Business Warehouse data management and analytics system, allowing an attacker to affect the integrity of protected information |
| BDU:2025-03228 | Vulnerability in the Tutor LMS plugin for the WordPress content management system, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-03626 | Vulnerability in SAP Just In Time, an application for monitoring and managing delivery confirmation, related to missing authorization, allowing an attacker to affect the integrity of protected information |
| BDU:2025-03629 | Vulnerability in the eDocument Cockpit component of SAP Electronic Invoicing for Brazil, software for processing electronic invoices, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-03792 | Vulnerability in the Jenkins automation server, related to flaws in the authorization procedure, allowing an attacker to escalate privileges and gain unauthorized access to protected information |
| BDU:2025-03793 | Vulnerability in the Jenkins automation server, related to flaws in the authorization procedure, allowing an attacker to escalate privileges and gain unauthorized access to protected information |
| BDU:2025-03802 | Vulnerability in the server of the MongoDB database management system, related to a missing authorization procedure, allowing an attacker to affect the confidentiality and availability of protected information |
| BDU:2025-03903 | Vulnerability in the Samba network interoperability software suite, related to authorization errors, allowing an attacker to gain access to confidential data |
| BDU:2025-04025 | Уязвимость компонента PDFClass Handler платформы создания совместных веб-приложений XWiki Platform XWiki, позволяющая нарушителю повысить свои привилегии |
| BDU:2025-04298 | Уязвимость программной интеграционной платформы SAP NetWeaver, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации |
| BDU:2025-04574 | Уязвимость компонента Name Handler инструмента настройки сервисов Consul и Consul Enterprise, позволяющая нарушителю получить доступ к потенциально конфиденциальной информации |
| BDU:2025-04744 | Уязвимость инструмента управления базами данных pgAdmin 4, связанная с отсутствием авторизации, позволяющая нарушителю обойти проверку авторизации и выполнить произвольный код |
| BDU:2025-04837 | Уязвимость платформы управления программными средами SAP Solution Manage, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации |
| BDU:2025-04838 | Vulnerability in the SAP Commerce Cloud e-commerce platform, related to flaws in the authorization procedure, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-04839 | Vulnerability in the SAP NetWeaver Application Server ABAP software integration platform, related to flaws in the authorization procedure, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-04841 | Vulnerability in the RFC Enabled Function Module component of the SAP NetWeaver and ABAP Platform software integration platforms, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-04845 | Vulnerability in the SAP KMC WPC knowledge management business application, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05162 | Vulnerability in the GitLab Enterprise Edition git-based code collaboration platform, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05353 | Vulnerability in the org.xwiki.platform:xwiki-platform-repository-rest-server component of the XWiki Platform collaborative web application platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05355 | Vulnerability in the org.xwiki.platform:xwiki-platform-security-authentication-ui component of the XWiki Platform collaborative web application platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05356 | Vulnerability in the org.xwiki.platform:xwiki-platform-component-wiki component of the XWiki Platform collaborative web application platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05538 | Vulnerability in the macOS operating systems, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-05791 | Vulnerability in the GitLab EE/CE git-based code collaboration platform, related to missing authorization, allowing an attacker to affect the integrity of protected information |
| BDU:2025-05980 | Vulnerability in the ayssavegoogle_credentials() function of the Quiz Maker plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to protected information and conduct cross-site scripting attacks |
| BDU:2025-06112 | Vulnerability in the Grade Report Handler component of the Moodle virtual learning environment, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-06166 | Vulnerability in the Nomad application orchestrator, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-06167 | Vulnerability in the Nomad application orchestrator, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-06173 | Vulnerability in the Nomad application orchestrator, related to incorrect handling of a network packet header, allowing an attacker to escalate privileges |
| BDU:2025-06372 | Vulnerability in the Zoho Flow plugin for the WordPress content management system, allowing an attacker to escalate privileges |
| BDU:2025-06654 | Vulnerability in the SAP NetWeaver Application Server ABAP software integration platform, related to a missing authentication mechanism when processing incoming RFC requests, allowing an attacker to escalate privileges |
| BDU:2025-06756 | Vulnerability in the Enterprise Event Enablement component of the SAP S/4HANA software platform, allowing an attacker to escalate privileges and execute arbitrary code |
| BDU:2025-06758 | Vulnerability in the SAP Plug-In Basis plugin of the SAP Business Warehouse data management and analytics system, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-06759 | Vulnerability in the AC plugin of the SAP GRC (Governance, Risk, and Compliance) risk management, regulatory compliance and corporate governance system, allowing an attacker to gain unauthorized access to read and modify data |
| BDU:2025-06828 | Vulnerability in the GitLab Enterprise Edition (EE) git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to gain access to read and modify data |
| BDU:2025-07573 | Vulnerability in the GitLab git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-07635 | Vulnerability in the JetBrains TeamCity continuous integration and delivery (CI/CD) system, related to missing authorization, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-07920 | Vulnerability in the GitLab git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to bypass security restrictions and gain access to read and modify data |
| BDU:2025-07921 | Vulnerability in the GraphQL API interface of the GitLab git-based code collaboration platform, allowing an attacker to bypass security restrictions and escalate privileges |
| BDU:2025-08109 | Vulnerability in the CRM User Management Framework component of the Oracle Common Applications package of the Oracle E-Business Suite enterprise automation system, allowing an attacker to gain unauthorized access to protected informati... |
| BDU:2025-08330 | Vulnerability in the StateRepository service of the Windows operating system, allowing an attacker to gain access to read and modify data |
| BDU:2025-08747 | Vulnerability in the web interface of the Juniper Networks Security Director security policy management software, allowing an attacker to disclose protected information |
| BDU:2025-08750 | Vulnerability in the Virtual Routing and Forwarding (VRF) component of the Juniper Networks Junos OS Evolved operating systems, allowing an attacker to escalate privileges |
| BDU:2025-08799 | Vulnerability in the JetBrains YouTrack project and task management tool, related to a missing authorization procedure, allowing an attacker to conduct spoofing attacks |
| BDU:2025-09118 | Vulnerability in the GitLab git-based code collaboration platform, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-09371 | Vulnerability in the get_details() function of the POST SMTP plugin for the WordPress content management system, allowing an attacker to escalate privileges and disclose protected information |
| BDU:2025-09686 | Vulnerability in the GitHub Enterprise Server enterprise version of the GitHub platform, related to a missing authorization procedure, allowing an attacker to see the names of private repositories |
| BDU:2025-09757 | Vulnerability in the Confluence plugin for the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-09758 | Vulnerability in the Confluence plugin for the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information and escalate privileges |
| BDU:2025-09759 | Vulnerability in the Confluence plugin for the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-09760 | Vulnerability in the Confluence plugin for the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-09766 | Vulnerability in the Confluence plugin for the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-10074 | Vulnerability in the Remote Desktop Services (RDS) service of the Windows operating systems, allowing an attacker to gain unauthorized access to modify protected information |
| BDU:2025-10224 | Vulnerability in the VMware Cloud Foundation virtualization platform, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-10330 | Vulnerability in the Cisco IOS operating systems of Cisco Industrial Ethernet 2000, 4000, 4010 and 5000 switches, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-10423 | Vulnerability in the Manage Processing Rules (For Bank Statement) component of the SAP S/4HANA software platform, allowing an attacker to affect the integrity of protected information |
| BDU:2025-10425 | Vulnerability in the Bank Account Application component of the SAP S/4HANA software platform, allowing an attacker to affect the integrity of protected information |
| BDU:2025-10428 | Vulnerability in the Manage Central Purchase Contract component of the SAP S/4HANA software platform, allowing an attacker to affect the confidentiality and availability of protected information |
| BDU:2025-10435 | Vulnerability in the EPC2 component of the firmware of the MEAC300-FNADE4 industrial digital gas analyzer, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2025-10461 | Vulnerability in the NFS Export component of the PowerScale OneFS operating system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-10640 | Vulnerability in the SAP NetWeaver and ABAP Platform software integration platforms, related to missing authorization, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-10642 | Vulnerability in the SAP NetWeaver Application Server ABAP software for developing and running ABAP applications, related to a missing authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-10651 | Vulnerability in the SAP Business Warehouse data management and analytics system, related to missing authorization, allowing an attacker to affect the integrity of protected information |
| BDU:2025-10652 | Vulnerability in the SAP NetWeaver Application Server ABAP software for developing and running ABAP applications, related to missing authorization, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-10654 | Vulnerability in the SAP NetWeaver software integration platform, related to missing authorization, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-10935 | Vulnerability in the firmware of the Digiever DS-2105 Pro network video recorder, related to missing authorization, allowing an attacker to execute arbitrary commands |
| BDU:2025-11006 | Vulnerability in the Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center) network administration software, related to flaws in the authorization procedure, allowing an attacker to disclose confidential information |
| BDU:2025-11007 | Vulnerability in the Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center) network administration software, related to flaws in the authorization procedure, allowing an attacker to gain read access to data |
| BDU:2025-11290 | Vulnerability in the Sandbox isolated software environment of the iOS, iPadOS, tvOS, watchOS and macOS operating systems, allowing an attacker to bypass the sandbox protection mechanism |
| BDU:2025-11515 | Vulnerability in the SharedFileList component of the macOS operating systems, allowing an attacker to bypass existing security restrictions and escalate privileges |
| BDU:2025-11518 | Vulnerability in the Shortcuts component of the macOS, iPadOS and iOS operating systems, allowing an attacker to bypass existing security restrictions and escalate privileges |
| BDU:2025-11603 | Vulnerability in the Android operating system, related to missing authorization, allowing an attacker to escalate privileges |
| BDU:2025-11606 | Vulnerability in the isSystem function of the WifiPermissionsUtil.java file of the Android operating system, allowing an attacker to cause a denial of service |
| BDU:2025-11645 | Vulnerability in the Framework component of the Android operating systems, allowing an attacker to escalate privileges and execute arbitrary code |
| BDU:2025-11688 | Vulnerability in the Framework component of the Android operating systems, allowing an attacker to disclose protected information |
| BDU:2025-11751 | Vulnerability in the VPN web server of the firmware of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls, allowing an attacker to affect the confidentiality and integrity of protected info... |
| BDU:2025-12463 | Vulnerability in the GitFlic code platform, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-12464 | Vulnerability in the GitFlic code platform, related to missing authorization, allowing an attacker to make arbitrary HTTP requests on behalf of the server |
| BDU:2025-12672 | Vulnerability in the IDE Services integrated development environment management services, related to flaws in the authorization procedure, allowing an attacker to escalate privileges |
| BDU:2025-12842 | Vulnerability in the GitLab git-based code collaboration platform, related to a missing authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-12945 | Vulnerability in the GLPI ticketing, incident and computer equipment inventory system, related to access control errors, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-12946 | Vulnerability in the GLPI ticketing, incident and computer equipment inventory system, related to access control errors, allowing an attacker to gain unauthorized access to delete protected information |
| BDU:2025-12947 | Vulnerability in the external links function of the GLPI ticketing, incident and computer equipment inventory system, allowing an attacker to disclose protected information |
| BDU:2025-12950 | Vulnerability in the programming interface of the XWiki Platform XWiki collaborative web application platform, related to insufficient verification of the authenticity of requests, allowing an attacker to carry out a CSRF attack |
| BDU:2025-12955 | Vulnerability in the RFC interface function module of the SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-12956 | Vulnerability in the SAP Business Warehouse data management and analytics system, related to flaws in the authorization procedure, allowing an attacker to disclose protected information |
| BDU:2025-12957 | Vulnerability in the SAP Business Warehouse data management and analytics system, related to flaws in the authorization procedure, allowing an attacker to disclose protected information |
| BDU:2025-12959 | Vulnerability in the SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms, related to flaws in the authorization procedure, allowing an attacker to affect the confidentiality of protected information |
| BDU:2025-12961 | Vulnerability in the SAP for Oil Gas software solution for optimizing industrial operations, related to flaws in the authorization procedure, allowing an attacker to gain access to delete user data |
| BDU:2025-13316 | Vulnerability in the Detail View component of the Hitachi Ops Center Analyzer data analytics and analysis software, allowing an attacker to affect the integrity of protected information |
| BDU:2025-13332 | Vulnerability in the Mattermost instant messaging application, related to flaws in the authorization procedure, allowing an attacker to bypass existing security restrictions |
| BDU:2025-13336 | Vulnerability in the OAuth protocol implementation of the Mattermost instant messaging application, allowing an attacker to bypass existing security restrictions |
| BDU:2025-13340 | Vulnerability in the Mattermost instant messaging application, related to missing authorization, allowing an attacker to bypass existing security restrictions |
| BDU:2025-13455 | Vulnerability in Jira Align (formerly AgileCraft), a cloud enterprise solution for planning and managing software and IT projects, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected... |
| BDU:2025-13579 | Vulnerability in the application programming interface of the GitLab EE git-based code collaboration platform, related to access control errors, allowing an attacker to gain unauthorized access to agents from another pr... |
| BDU:2025-13804 | Vulnerability in the UEFI component of the firmware of the NVIDIA Jetson Orin Series and NVIDIA Jetson Xavier Series embedded platforms for artificial intelligence, allowing an attacker to cause a denial of service |
| BDU:2025-14034 | Vulnerability in the Compiler component of the Oracle GraalVM for JDK virtual machine, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14083 | Vulnerability in the CREATE STATISTICS function of the PostgreSQL database management system, allowing an attacker to cause a denial of service |
| BDU:2025-14153 | Vulnerability in the Nuance PowerScribe One and Nuance PowerScribe 360 reporting platforms, related to missing authorization, allowing an attacker to disclose protected information |
| BDU:2025-14460 | Vulnerability in the GitLab git-based code collaboration platform, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14472 | Vulnerability in the Nagios XI IT infrastructure monitoring tool, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14492 | Vulnerability in the SSH web terminal of the Nagios XI IT infrastructure monitoring tool, allowing an attacker to execute arbitrary code and disclose protected information |
| BDU:2025-14683 | Vulnerability in the XWiki Remote Macros module of the XWiki Platform XWiki collaborative web application platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14704 | Vulnerability in the Allow Insecure Logins configuration of the Nagios XI IT infrastructure monitoring tool, allowing an attacker to escalate privileges and gain full control over the application |
| BDU:2025-14726 | Vulnerability in the OxygenOS operating system of OnePlus 8T and 10 Pro 5G devices, related to failure to protect the structure of an SQL query, allowing an attacker to gain unauthorized access to confidential information |
| BDU:2025-14895 | Vulnerability in the JetBrains Hub account management software, related to flaws in the authorization procedure, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14915 | Vulnerability in the JetBrains YouTrack project and task management tool, related to flaws in the authorization procedure, allowing an attacker to disclose protected information |
| BDU:2025-14916 | Vulnerability in the JetBrains YouTrack project and task management tool, related to flaws in the authorization procedure, allowing an attacker to gain access to read and modify data |
| BDU:2025-14928 | Vulnerability in the application programming interface of the GitLab git-based code collaboration platform, related to a missing authorization procedure, allowing an attacker to execute arbitrary code |
| BDU:2025-15404 | Vulnerability in the __construct function of the POST SMTP plugin for the WordPress content management system, allowing an attacker to escalate privileges and disclose protected information |
| BDU:2025-15429 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to bypass existing security restrictions by loading specially crafted files |
| BDU:2025-15431 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to bypass existing security restrictions |
| BDU:2025-15432 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to bypass existing security restrictions |
| BDU:2025-15433 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to bypass existing security restrictions |
| BDU:2025-15434 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to bypass existing security restrictions |
| BDU:2025-15438 | Vulnerability in the Apache OpenOffice office suite, related to missing authorization, allowing an attacker to disclose protected information |
| BDU:2025-15449 | Vulnerability in the PT NGFW firewall, related to missing authorization, allowing an attacker to gain access to protected information |
| BDU:2025-15899 | Vulnerability in the Enterprise Search search system of the SAP ABAP Platform software integration platform, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-15904 | Vulnerability in the AuthN component of the NVIDIA AIStore distributed data storage system for applications based on artificial intelligence, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-15910 | Vulnerability in the firmware of Zyxel ATP, USG FLEX and USG FLEX 50(W)/USG20(W)-VPN network devices, related to missing authorization, allowing an attacker to affect the confidentiality and integrity of protected information |
| BDU:2025-16006 | Vulnerability in the web interface of the Juniper Networks Junos Space Security Director administration tool, allowing an attacker to gain unauthorized access to read and modify protected information |
| BDU:2025-16082 | Vulnerability in the Service Data Control Center (SDCCN) tool of the SAP NetWeaver and ABAP Platform software integration platforms, allowing an attacker to bypass security restrictions and gain unauthorized access to protected information |
| BDU:2025-16145 | Vulnerability in the management console of the firmware of SonicWall SMA1000 firewalls, allowing an attacker to escalate privileges |
| BDU:2025-16260 | Vulnerability in the SAP Plug-In Basis plugin of the SAP Business Warehouse data management and analytics system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-16306 | Vulnerability in the SAP NetWeaver ABAP software integration platform, related to missing authorization, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-16351 | Vulnerability in the Kermit protocol client of the C-Kermit serial and network communication software package, allowing an attacker to execute arbitrary code |
| BDU:2025-16385 | Vulnerability in the Malcure Malware Scanner plugin for the WordPress content management system, allowing an attacker to execute arbitrary code |
| BDU:2026-00020 | Vulnerability in the My Timesheet Fiori 2.0 component of the SAP HCM human resources management software, allowing an attacker to escalate privileges |
| BDU:2026-00021 | Vulnerability in the SAP NetWeaver Application Server ABAP software for developing and running ABAP applications, related to flaws in the authorization procedure, allowing an attacker to gain read access to profile parameters |
| BDU:2026-00023 | Vulnerability in the SAP NetWeaver software integration platform, related to flaws in the authorization procedure, allowing an attacker to gain read access to system data |
| BDU:2026-00025 | Vulnerability in the My Timesheet Fiori 2.0 component of the SAP HCM human resources management software, allowing an attacker to escalate privileges |
| BDU:2026-00026 | Vulnerability in the My Timesheet Fiori 2.0 component of the SAP HCM human resources management software, allowing an attacker to escalate privileges |
| BDU:2026-00027 | Vulnerability in the My Timesheet Fiori 2.0 component of the SAP HCM human resources management software, allowing an attacker to escalate privileges |
| BDU:2026-00057 | Vulnerability in the Network File System (NFS) network file system of the Synology DiskStation Manager operating system, allowing an attacker to read arbitrary files |
| BDU:2026-00230 | Vulnerability in the SAP NetWeaver Application Server ABAP software for developing and running ABAP applications, allowing an attacker to escalate privileges |
| BDU:2026-00232 | Vulnerability in the SAP S/4HANA software platform, allowing an attacker to execute arbitrary code |
| BDU:2026-00233 | Vulnerability in SAP Cloud Connector, an application for establishing a connection between a cloud platform and an on-premises system, related to missing authorization, allowing an attacker to gain unauthorized access to modify protected information |
| BDU:2026-00269 | Vulnerability in the MongoDB database management system server, allowing an attacker to cause a denial of service |
| BDU:2026-00279 | Vulnerability in the OFCMS Java-based content management system, related to cross-site request forgery, allowing an attacker to carry out a CSRF attack |
| BDU:2026-00315 | Vulnerability in the Jenkins automation server, allowing an attacker to gain unauthorized access to protected information |
| BDU:2026-00492 | Vulnerability in the AVEVA Process Optimization online process modelling and optimization software, related to missing authorization, allowing an attacker to execute arbitrary code, gain access to read, modify and delete f... |
CVE vulnerability identifiers
Identifier from the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| CVE-2011-4183 | open build service allows anyone to upload rpms |
| CVE-2013-10072 | Nagios XI < 2012R1.6 Auto-Discovery Missing Authorization |
| CVE-2013-3703 | No write permission check in change_role command |
| CVE-2015-10140 | Ajax Load More < 2.8.1.2 - Subscriber+ File Upload & Deletion |
| CVE-2015-10143 | Platform < 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2015-20067 | WP Attachment Export < 0.2.4 - Unauthenticated Posts Download |
| CVE-2017-2652 | It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jen... |
| CVE-2017-2662 | A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a reposito... |
| CVE-2017-7530 | In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when... |
| CVE-2017-7548 | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attacke... |
| CVE-2018-10865 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allow... |
| CVE-2018-10866 | It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allow... |
| CVE-2018-14628 | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticat... |
| CVE-2018-25019 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload |
| CVE-2018-25105 | File Manager <= 3.0 - Unauthenticated Arbitrary File Upload/Download |
| CVE-2018-7688 | Open Build Service accepts arbitrary reviews |
| CVE-2018-7689 | Open Build Service arbitrary package modification |
| CVE-2019-10184 | undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures... |
| CVE-2019-13547 | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP a... |
| CVE-2019-14822 | A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to... |
| CVE-2019-18581 | Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71... |
| CVE-2019-25214 | ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting |
| CVE-2019-25215 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions |
| CVE-2019-25217 | SiteGround Optimizer <= 5.0.12 - Missing Authorization |
| CVE-2019-3879 | It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is triggered as an internal command,... |
| CVE-2019-3886 | An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs... |
| CVE-2019-6580 | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions... |
| CVE-2020-10684 | A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when u... |
| CVE-2020-10689 | A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An auth... |
| CVE-2020-10697 | A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can... |
| CVE-2020-10701 | A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw... |
| CVE-2020-10746 | A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to contro... |
| CVE-2020-14306 | An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through... |
| CVE-2020-14491 | OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a... |
| CVE-2020-14520 | The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the... |
| CVE-2020-15247 | Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. |
| CVE-2020-1996 | PAN-OS: Panorama management server log injection |
| CVE-2020-24672 | ABB Base Software for SoftControl Remote Code Execution vulnerability |
| CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server mana... |
| CVE-2020-25718 | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain con... |
| CVE-2020-26212 | Any GLPI CalDAV calendars is read-only for every authenticated user |
| CVE-2020-26231 | Bypass of fix for CVE-2020-15247, Twig sandbox escape |
| CVE-2020-27220 | The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receiv... |
| CVE-2020-27349 | aptdaemon performed policykit permissions checks too late |
| CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due... |
| CVE-2020-28215 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that could cause a wide range... |
| CVE-2020-3400 | Cisco IOS XE Software Web UI Authorization Bypass Vulnerability |
| CVE-2020-36239 | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8... |
| CVE-2020-36833 | Indeed Membership Pro 7.3 - 8.6 - Missing Authorization Checks |
| CVE-2020-36834 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization |
| CVE-2020-36837 | ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset |
| CVE-2020-36840 | Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization |
| CVE-2020-36852 | Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Database Wiping |
| CVE-2020-5228 | Opencast allows unauthorized public access via OAI-PMH |
| CVE-2020-5368 | Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attac... |
| CVE-2020-7343 | Improper Authorization vulnerability in MA |
| CVE-2021-21246 | Pre-Auth Access token leak |
| CVE-2021-21255 | entities switch IDOR |
| CVE-2021-21264 | Bypass of fix for CVE-2020-26231, Twig sandbox escape |
| CVE-2021-21307 | Remote Code Exploit in Lucee Admin |
| CVE-2021-21326 | Horizontal Privilege Escalation |
| CVE-2021-21327 | Unsafe Reflection in getItemForItemtype() |
| CVE-2021-22513 | Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability af... |
| CVE-2021-22891 | A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1... |
| CVE-2021-22896 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticat... |
| CVE-2021-24184 | Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation |
| CVE-2021-24352 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export |
| CVE-2021-24353 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import |
| CVE-2021-24354 | Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation |
| CVE-2021-24355 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Update and Retrieve Wildcard Value |
| CVE-2021-24356 | Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Activation |
| CVE-2021-24500 | Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities |
| CVE-2021-24501 | Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions |
| CVE-2021-24633 | Countdown Block < 1.1.2 - Missing Authorisation in AJAX action |
| CVE-2021-24639 | OMGF < 4.5.4 - Subscriber+ Arbitrary File/Folder Deletion |
| CVE-2021-24677 | Find My Blocks < 3.4.0 - Private Post Titles Disclosure |
| CVE-2021-24730 | Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update |
| CVE-2021-24779 | WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update |
| CVE-2021-24790 | Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls |
| CVE-2021-24831 | Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls |
| CVE-2021-24836 | Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update |
| CVE-2021-24839 | SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion |
| CVE-2021-24842 | Bulk Datetime Change < 1.12 - Missing Authorisation |
| CVE-2021-24890 | Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2021-24906 | Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation |
| CVE-2021-24914 | Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal |
| CVE-2021-24950 | Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS |
| CVE-2021-24968 | Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation |
| CVE-2021-24977 | Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending |
| CVE-2021-24978 | OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion |
| CVE-2021-24993 | Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update |
| CVE-2021-24997 | WP Guppy < 1.3 - Sensitive Information Disclosure |
| CVE-2021-25002 | Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure |
| CVE-2021-25011 | WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update |
| CVE-2021-25013 | Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2021-25014 | Ibtana < 1.1.4.9 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25018 | PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS |
| CVE-2021-25025 | Event Calendar < 1.1.51 - Subscriber+ Event Creation |
| CVE-2021-25032 | PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise |
| CVE-2021-25042 | WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS |
| CVE-2021-25075 | Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS |
| CVE-2021-25084 | Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion |
| CVE-2021-25087 | Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure |
| CVE-2021-25093 | Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion |
| CVE-2021-25095 | IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban |
| CVE-2021-25116 | Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion |
| CVE-2021-27855 | FatPipe software allows privilege escalation |
| CVE-2021-27857 | FatPipe software allows unauthenticated configuration download |
| CVE-2021-27858 | Missing authorization vulnerability in FatPipe software |
| CVE-2021-27859 | Missing authorization vulnerability in FatPipe software |
| CVE-2021-31384 | Junos OS: SRX Series: Under a specific device configuration an attacker can access the devices J-Web management services from... |
| CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle version... |
| CVE-2021-32503 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only... |
| CVE-2021-32504 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only... |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check |
| CVE-2021-33704 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that woul... |
| CVE-2021-34629 | SendGrid <= 1.11.8 – Authorization Bypass |
| CVE-2021-35001 | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability |
| CVE-2021-3653 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (vi... |
| CVE-2021-3656 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (vi... |
| CVE-2021-3814 | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth ins... |
| CVE-2021-38164 | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618,... |
| CVE-2021-38431 | Advantech WebAccess SCADA |
| CVE-2021-39231 | Missing authentication/authorization on internal RPC endpoints |
| CVE-2021-39232 | Missing admin check for SCM related admin commands |
| CVE-2021-39236 | Owners of the S3 tokens are not validated |
| CVE-2021-39347 | Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking |
| CVE-2021-40501 | SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authentica... |
| CVE-2021-40502 | SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticat... |
| CVE-2021-4074 | WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-40853 | TCMAN GIM missing authorization vulnerability |
| CVE-2021-41112 | Missing Authorization in Rundeck |
| CVE-2021-41233 | Missing authorization in Nextcloud text |
| CVE-2021-41238 | Missing Authorization with Default Settings in Dashboard UI |
| CVE-2021-42062 | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in... |
| CVE-2021-42367 | Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-42848 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauth... |
| CVE-2021-42851 | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create... |
| CVE-2021-43781 | Permissions not properly checked in Invenio-Drafts-Resources |
| CVE-2021-44055 | Information leakage in Video Station |
| CVE-2021-44233 | SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an aut... |
| CVE-2021-4444 | Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization |
| CVE-2021-4445 | Premium Addons for Elementor <= 4.5.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update |
| CVE-2021-4446 | Essential Addons for Elementor <= 4.6.4 - Missing Authorization |
| CVE-2021-4447 | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation |
| CVE-2021-4448 | Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization |
| CVE-2021-44792 | Information Leakage via Unauthorized Access in Single Connect |
| CVE-2021-44793 | Information Leakage via Unauthorized Access in Single Connect |
| CVE-2021-44794 | Information Leakage via Unauthorized Access in Single Connect |
| CVE-2021-44795 | Modifying User Permissions via Unauthorized Access in Single Connect |
| CVE-2021-47662 | Unauthenticated remote shutdown of the cobot |
| CVE-2022-0163 | Smart Forms < 2.6.71 - Subscriber+ Form Data Download |
| CVE-2022-0164 | Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users |
| CVE-2022-0178 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0179 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0218 | WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route |
| CVE-2022-0229 | miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion |
| CVE-2022-0236 | WP Import Export (Lite) <= 3.9.15 Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0287 | Mycred < 2.4.4.1 - Subscriber+ User E-mail Addresses Disclosure |
| CVE-2022-0345 | Better Notifications for WP < 1.8.7 - Email Address Disclosure |
| CVE-2022-0363 | myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-0398 | ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Subscriber+ Arbitrary Affiliate Links Creation |
| CVE-2022-0404 | Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS |
| CVE-2022-0444 | XCloner < 4.3.6 - Plugin Settings Reset |
| CVE-2022-0579 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0588 | Missing Authorization in librenms/librenms |
| CVE-2022-0611 | Missing Authorization in snipe/snipe-it |
| CVE-2022-0634 | ThirstyAffiliates < 3.10.5 - Subscriber+ unauthorized image upload + CSRF |
| CVE-2022-0726 | Missing Authorization in chocobozzz/peertube |
| CVE-2022-0745 | Like Button Rating < 2.6.45 - Arbitrary e-mail Sending |
| CVE-2022-0755 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-0756 | Missing Authorization in salesagility/suitecrm |
| CVE-2022-0833 | Church Admin < 3.4.135 - Unauthenticated Plugin's Backup Disclosure |
| CVE-2022-0837 | Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure |
| CVE-2022-0871 | Missing Authorization in gogs/gogs |
| CVE-2022-0885 | Member Hero <= 1.0.9 - Unauthenticated RCE |
| CVE-2022-0905 | Missing Authorization in go-gitea/gitea |
| CVE-2022-0919 | Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure |
| CVE-2022-0932 | Missing Authorization in saleor/saleor |
| CVE-2022-0952 | Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
| CVE-2022-1020 | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call |
| CVE-2022-1054 | RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export |
| CVE-2022-1092 | myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure |
| CVE-2022-1203 | Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update |
| CVE-2022-1245 | A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client applic... |
| CVE-2022-1323 | Discy < 5.0 - Subscriber+ Broken Access Control to change settings |
| CVE-2022-1329 | Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution |
| CVE-2022-1511 | Missing Authorization in snipe/snipe-it |
| CVE-2022-1570 | Files Download Delay < 1.0.7 - Subscriber+ Settings Reset |
| CVE-2022-1572 | HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion |
| CVE-2022-1574 | HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload |
| CVE-2022-1777 | Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls |
| CVE-2022-1903 | ARMember < 3.4.8 - Unauthenticated Admin Account Takeover |
| CVE-2022-21660 | Missing authorization in gin-vue-admin |
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster |
| CVE-2022-22107 | DayByDay CRM - Missing Authorization when Viewing Appointments |
| CVE-2022-22108 | DayByDay CRM - Missing Authorization when Viewing Absences |
| CVE-2022-22111 | DayByDay CRM - Missing Authorization when Changing Password |
| CVE-2022-22535 | SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the pa... |
| CVE-2022-2276 | WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion |
| CVE-2022-23055 | ERPNext - Improper user access control |
| CVE-2022-23180 | Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update |
| CVE-2022-2350 | Disable User Login <= 1.0.1 - Unauthenticated Settings Update |
| CVE-2022-23617 | Missing authorization in xwiki-platform |
| CVE-2022-23621 | Missing authorization in xwiki-platform |
| CVE-2022-2369 | YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure |
| CVE-2022-2370 | YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak |
| CVE-2022-2373 | Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure |
| CVE-2022-2376 | Directorist < 7.3.1 - Unauthenticated Email Address Disclosure |
| CVE-2022-2377 | Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending |
| CVE-2022-2379 | Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API |
| CVE-2022-2382 | Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-2389 | Automations By Autonami < 2.1.2 - Subscriber+ Automation Creation |
| CVE-2022-23944 | Apache ShenYu 2.4.1 Improper access control |
| CVE-2022-23945 | Apache ShenYu missing authentication allows gateway registration |
| CVE-2022-2405 | WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion |
| CVE-2022-24317 | A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific... |
| CVE-2022-2450 | reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls |
| CVE-2022-24669 | Anonymous users can register / de-register for configuration change notifications |
| CVE-2022-24896 | Tracker report renderer and chart widgets leak information in Tuleap |
| CVE-2022-2543 | Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection |
| CVE-2022-2552 | Duplicator < 1.4.7.1 - Unauthenticated System Information Disclosure |
| CVE-2022-25810 | Transposh WordPress Translation <= 1.0.8 - Subscriber+ Unauthorised Calls |
| CVE-2022-26102 | Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authen... |
| CVE-2022-26103 | Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access informat... |
| CVE-2022-2657 | Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorised AJAX Calls |
| CVE-2022-2732 | Missing Authorization in openemr/openemr |
| CVE-2022-27480 | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80)... |
| CVE-2022-27658 | Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead... |
| CVE-2022-27669 | An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - versio... |
| CVE-2022-2841 | CrowdStrike Falcon Uninstallation authorization |
| CVE-2022-2846 | Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS |
| CVE-2022-28789 | Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. T... |
| CVE-2022-29176 | Unauthorized gem takeover for some gems on rubygems.org |
| CVE-2022-29611 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticate... |
| CVE-2022-2985 | In music service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no... |
| CVE-2022-2987 | Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass |
| CVE-2022-3007 | Unauthorized Access Vulnerability in Syska SW100 Smartwatch |
| CVE-2022-30731 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private f... |
| CVE-2022-3082 | miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling |
| CVE-2022-3096 | WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS |
| CVE-2022-31128 | Fine grained permissions are not checked in Tuleap |
| CVE-2022-31167 | XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same re... |
| CVE-2022-3124 | Frontend File Manager < 21.3 - Unauthenticated File Renaming |
| CVE-2022-31592 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 80... |
| CVE-2022-31595 | SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, result... |
| CVE-2022-31597 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension f... |
| CVE-2022-31765 | Affected devices do not properly authorize the change password function of the web interface. This could allow low privilege... |
| CVE-2022-3244 | Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation |
| CVE-2022-32768 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev mas... |
| CVE-2022-32769 | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev mas... |
| CVE-2022-32966 | Realtek RTL8111FP-CG - Missing Authorization |
| CVE-2022-3320 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command |
| CVE-2022-3321 | Lock WARP switch feature bypass on WARP mobile client for iOS |
| CVE-2022-3322 | Lock WARP switch bypass on WARP mobile client using iOS quick action |
| CVE-2022-3337 | Lock WARP switch bypass by removing VPN profile on iOS mobile client |
| CVE-2022-34344 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control |
| CVE-2022-3451 | Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2022-3489 | WP Hide <= 0.0.2 - Unauthenticated Settings Update |
| CVE-2022-3512 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command |
| CVE-2022-35293 | Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On su... |
| CVE-2022-3538 | Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation |
| CVE-2022-36024 | Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution |
| CVE-2022-36068 | Discourse moderators can edit themes via the API |
| CVE-2022-36091 | XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthori... |
| CVE-2022-36340 | WordPress MailOptin plugin <= 1.2.49.0 - Unauthenticated Optin Campaign Cache Deletion vulnerability |
| CVE-2022-36352 | WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control |
| CVE-2022-36404 | WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability |
| CVE-2022-36418 | WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication |
| CVE-2022-36836 | Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state witho... |
| CVE-2022-38057 | WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability |
| CVE-2022-38141 | WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control |
| CVE-2022-38669 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service... |
| CVE-2022-38670 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service... |
| CVE-2022-38678 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38682 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38683 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38684 | In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with... |
| CVE-2022-38697 | In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service... |
| CVE-2022-38698 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with... |
| CVE-2022-39080 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with... |
| CVE-2022-39090 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39091 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39092 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39093 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39094 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39095 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39096 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39097 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39098 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39099 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39100 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39101 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39102 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-39103 | In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service with n... |
| CVE-2022-39104 | In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with... |
| CVE-2022-39107 | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder ser... |
| CVE-2022-39108 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-39109 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-3911 | iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin |
| CVE-2022-39110 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-39111 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no add... |
| CVE-2022-39112 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39113 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39114 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39115 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no ad... |
| CVE-2022-39117 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional... |
| CVE-2022-39119 | In network service, there is a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2022-3920 | Consul Peering Imported Nodes/Services Leak |
| CVE-2022-3923 | ActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log Cleanup |
| CVE-2022-39233 | Tuleap subject to Missing Authorization allowing for branch prefix modification |
| CVE-2022-3946 | Welcart e-Commerce < 2.8.4 - Subscriber+ Arbitrary Shipping Method Creation/Update/Deletion |
| CVE-2022-3961 | Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure |
| CVE-2022-39861 | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without... |
| CVE-2022-3999 | WooCommerce Shipping - DPD baltic < 1.2.57 - Subscriber+ Arbitrary Options Deletion |
| CVE-2022-4004 | Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam |
| CVE-2022-40203 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control |
| CVE-2022-40218 | WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2022-40223 | WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability |
| CVE-2022-4024 | Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion |
| CVE-2022-40702 | WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control |
| CVE-2022-40975 | WordPress Post Slider plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2022-4102 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Deletion |
| CVE-2022-4103 | Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation |
| CVE-2022-4124 | Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion |
| CVE-2022-41271 | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process... |
| CVE-2022-41272 | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search... |
| CVE-2022-4148 | WP OAuth Server < 4.3.0 - Subscriber+ Arbitrary Client Deletion |
| CVE-2022-41619 | WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control |
| CVE-2022-41692 | WordPress Appointment Hour Booking plugin <= 1.3.71 - Missing Authorization vulnerability |
| CVE-2022-41695 | WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control |
| CVE-2022-41698 | WordPress If Menu – Visibility control for Menus plugin <= 0.16.3 - Broken Access Control |
| CVE-2022-41786 | WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control |
| CVE-2022-41790 | WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control |
| CVE-2022-41929 | Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore |
| CVE-2022-41930 | org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users |
| CVE-2022-41937 | Missing Authorization in XWiki Platform |
| CVE-2022-41995 | WordPress Photo Gallery – Image Gallery by Ape Plugin <= 2.2.8 is vulnerable to Broken Access Control |
| CVE-2022-42776 | In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional... |
| CVE-2022-42777 | In power management service, there is a missing permission check. This could lead to set up power management service with no... |
| CVE-2022-42778 | In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no ad... |
| CVE-2022-42884 | WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control |
| CVE-2022-43453 | WordPress WP Tools plugin <= 3.41 - Auth. Broken Access Control vulnerability |
| CVE-2022-43472 | WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2022-43476 | WordPress Subscribe to Category Plugin <= 2.7.4 is vulnerable to Broken Access Control |
| CVE-2022-43482 | WordPress Appointment Booking Calendar plugin <= 1.3.69 - Missing Authorization vulnerability |
| CVE-2022-4366 | Missing Authorization in lirantal/daloradius |
| CVE-2022-4384 | Stream < 3.9.2 - Subscriber+ Alert Creation |
| CVE-2022-4385 | Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update |
| CVE-2022-44422 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44423 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44424 | In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no... |
| CVE-2022-44434 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44435 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44436 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44437 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44438 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44439 | In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service wit... |
| CVE-2022-44578 | WordPress Owl Carousel plugin <= 0.5.3 - Broken Access Control vulnerability |
| CVE-2022-44626 | WordPress Squirrly SEO (Peaks) plugin <= 12.1.20 - Broken Access Control vulnerability |
| CVE-2022-44633 | WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerabili... |
| CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability |
| CVE-2022-45349 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45351 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45352 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45356 | WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability |
| CVE-2022-45803 | WordPress Gutenberg Forms plugin <= 2.2.8.3 - Auth. Broken Access Control vulnerability |
| CVE-2022-45806 | WordPress Formidable Forms plugin <= 5.5.4 - Broken Access Control vulnerability |
| CVE-2022-45811 | WordPress Post Teaser plugin <= 4.1.5 - Auth. Broken Access Control vulnerability |
| CVE-2022-45819 | WordPress Popup Maker plugin <= 1.17.1 - Broken Access Control vulnerability |
| CVE-2022-45826 | WordPress Sunshine Photo Cart plugin <= 2.9.13 - Auth. Broken Access Control vulnerability |
| CVE-2022-45830 | WordPress Analytify - Google Analytics Dashboard plugin <= 4.2.3 - Privilege Escalation vulnerability |
| CVE-2022-45832 | WordPress Attorney theme <= 3 - Unauth. Arbitrary Content Deletion vulnerability |
| CVE-2022-45840 | WordPress Auto Affiliate Links plugin <= 6.2.1.5 - Unauth. Broken Access Control vulnerability |
| CVE-2022-45841 | WordPress Robo Gallery plugin <= 3.2.9 - Auth. Broken Access Control vulnerability |
| CVE-2022-45851 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability |
| CVE-2022-46795 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 4.7.2 - CSRF Plugin Settings Reset vulnerability |
| CVE-2022-46796 | WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability |
| CVE-2022-46807 | WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control |
| CVE-2022-46811 | WordPress ALD Dropshipping and Fulfillment for AliExpress and WooCommerce plugin <= 1.0.21 - Broken Access Control + CSRF |
| CVE-2022-46838 | WordPress JS Help Desk plugin <= 2.7.1 - Unauthenticated Settings Change Vulnerability |
| CVE-2022-46840 | WordPress JS Help Desk plugin <= 2.7.1 - Broken Access Control |
| CVE-2022-46846 | WordPress Trending/Popular Post Slider and Widget plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2022-46850 | WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion |
| CVE-2022-47168 | WordPress Printful Integration for WooCommerce plugin <= 2.2.3 - Cross Site Request Forgery (CSRF) |
| CVE-2022-47176 | WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability |
| CVE-2022-47182 | WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control |
| CVE-2022-47429 | WordPress Coming Soon Landing Page and Maintenance Mode WordPress Plugin plugin <= 2.2.0 - Broken Access Control |
| CVE-2022-47594 | WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control |
| CVE-2022-47601 | WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control |
| CVE-2022-47604 | WordPress AJAX Thumbnail Rebuild plugin <= 1.13 - Broken Access Control vulnerability |
| CVE-2022-48318 | Insecure access control mechanisms for RestAPI documentation |
| CVE-2022-4872 | WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no' |
| CVE-2022-4972 | Download Monitor <= 4.7.51 - Missing Authorization to Unauthenticated Data Export |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks |
| CVE-2023-0019 | In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_7... |
| CVE-2023-0335 | WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion |
| CVE-2023-0336 | OoohBoi Steroids for Elementor < 2.1.5 - Subscriber+ Attachment Deletion |
| CVE-2023-0405 | GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update |
| CVE-2023-0441 | Gallery Blocks with Lightbox < 3.0.8 - Subscriber+ Arbitrary Options Update |
| CVE-2023-0678 | Missing Authorization in phpipam/phpipam |
| CVE-2023-0889 | TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-0890 | Shortcodes Ultimate < 5.12.8 - Subscriber+ Arbitrary Post Access |
| CVE-2023-0911 | Shortcodes Ultimate < 5.12.8 - Subscriber+ User Meta Disclosure |
| CVE-2023-0923 | Odh-notebook-controller-container: missing authorization allows for file contents disclosure |
| CVE-2023-1114 | Improper Input Validation on e-Belediye |
| CVE-2023-1261 | Missing MAC layer security in Wi-SUN SDK |
| CVE-2023-1262 | Missing MAC layer security in Wi-SUN Linux Border Router |
| CVE-2023-1299 | Nomad Job Submitter Privilege Escalation Using Workload Identity |
| CVE-2023-1371 | W4 Post List < 2.4.6 - Subscriber+ Password Protected Post Content Disclosure |
| CVE-2023-1414 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
| CVE-2023-1705 | Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows P... |
| CVE-2023-1774 | Unauthorized email invite to a private channel |
| CVE-2023-1782 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation |
| CVE-2023-1903 | Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| CVE-2023-20064 | Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability |
| CVE-2023-20252 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow a... |
| CVE-2023-21450 | Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's... |
| CVE-2023-2179 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-2193 | Oauth authorization codes do not expire when deauthorizing an oauth2 app |
| CVE-2023-2233 | Missing Authorization in GitLab |
| CVE-2023-22478 | KubePi is vulnerable to missing authorization |
| CVE-2023-22488 | Missing authorization in Flarum |
| CVE-2023-22489 | Flarum is missing authorization in discussion replies |
| CVE-2023-22674 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control |
| CVE-2023-22676 | WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control |
| CVE-2023-2268 | Plane v0.7.1 - Unauthorized access to files |
| CVE-2023-22697 | WordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2023-22699 | WordPress MainWP Wordfence Extension Plugin <= 4.0.7 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-22701 | WordPress Ebook Store plugin <= 5.775 - Broken Authentication vulnerability |
| CVE-2023-22708 | WordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-22728 | Silverstripe Framework has missing permission check of canView in GridFieldPrintButton |
| CVE-2023-22736 | argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled |
| CVE-2023-22737 | wire-server vulnerable to unauthorized removal of Bots from Conversations |
| CVE-2023-22836 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the... |
| CVE-2023-22858 | Stored cross-site scripting in BlogEngine.NET version 3.3.8.0 |
| CVE-2023-23611 | xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation |
| CVE-2023-23639 | WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-23640 | WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability |
| CVE-2023-23672 | WordPress GiveWP plugin <= 2.25.1 - Arbitrary Content Deletion vulnerability |
| CVE-2023-23715 | WordPress JobBoardWP – Job Board Listings and Submissions plugin <= 1.2.2 - IDOR Leading To Job Removal Vulnerability |
| CVE-2023-23716 | WordPress Zendesk Support for WordPress plugin <= 1.8.4 - Broken Access Control vulnerability |
| CVE-2023-23725 | WordPress Shortcodes by Angie Makes plugin <= 3.46 - Broken Access Control vulnerability |
| CVE-2023-23814 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability |
| CVE-2023-23823 | WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-23825 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Import_WPforms vulnerability |
| CVE-2023-23834 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Broken Access Control + CSRF on Activate_Plugin vulnerabilit... |
| CVE-2023-23848 | Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission... |
| CVE-2023-23850 | A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permissio... |
| CVE-2023-23854 | SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perfo... |
| CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2023-23882 | WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control |
| CVE-2023-23886 | WordPress WP-RecentComments plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-23887 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-23893 | WordPress Simple Giveaways plugin <= 2.48.0 - Broken Access Control vulnerability |
| CVE-2023-23895 | WordPress WP Time Slots Booking Form plugin <= 1.1.82 - Broken Access Control vulnerability |
| CVE-2023-23896 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control |
| CVE-2023-23975 | WordPress Quick Event Manager plugin <= 9.7.4 - Broken Access Control vulnerability |
| CVE-2023-23985 | WordPress Quiz Maker plugin <= 6.3.9.4 - Content Spoofing |
| CVE-2023-23986 | WordPress Reviews and Rating – Google My Business plugin <= 4.14 - Broken Access Control vulnerability |
| CVE-2023-23988 | WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability |
| CVE-2023-2414 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Missing Authorization to Settings Update and Arbitrary... |
| CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control v... |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-24524 | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user... |
| CVE-2023-24528 | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to expl... |
| CVE-2023-25026 | WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2023-25030 | WordPress Buy Me a Coffee plugin <= 3.7 - Broken Access Control vulnerability |
| CVE-2023-25035 | WordPress Quick Contact Form plugin <= 8.0.3.1 - Broken Access Control vulnerability |
| CVE-2023-25037 | WordPress Booking Calendar Contact Form plugin <= 1.2.34 - Broken Access Control vulnerability |
| CVE-2023-25039 | WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-25048 | WordPress Fantastic Content Protector Free plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2023-25060 | WordPress Album and Image Gallery plus Lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25067 | WordPress We’re Open! plugin <= 1.45 - Broken Access Control vulnerability |
| CVE-2023-25454 | WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2023-25455 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deleti... |
| CVE-2023-25457 | WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability |
| CVE-2023-25469 | WordPress Easy Table of Contents plugin <= 2.0.45.2 - Broken Access Control vulnerability |
| CVE-2023-25486 | WordPress Clone plugin <= 2.3.7 - Broken Access Control vulnerability |
| CVE-2023-25552 | A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deletin... |
| CVE-2023-25573 | Improper access control to download file in metersphere |
| CVE-2023-25703 | WordPress Meta slider and carousel with lightbox plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-25714 | WordPress Quick Paypal Payments plugin <= 5.7.25 - Broken Access Control vulnerability |
| CVE-2023-25715 | WordPress GamiPress Plugin <= 2.5.6 is vulnerable to Broken Access Control |
| CVE-2023-25785 | WordPress WP Post Rating plugin <= 2.5 - Vote Manipulation Vulnerability |
| CVE-2023-25791 | WordPress Fontiran plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-25799 | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities |
| CVE-2023-2590 | Missing Authorization in answerdev/answer |
| CVE-2023-25959 | WordPress Apollo13 Framework Extensions plugin <= 1.8.10 - Broken Access Control |
| CVE-2023-25966 | WordPress FileBird plugin <= 5.1.4 - Broken Access Control vulnerability |
| CVE-2023-25988 | WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability |
| CVE-2023-25993 | WordPress Top 10 – Popular posts plugin for WordPress plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2023-25997 | WordPress Sola Support Ticket <= 3.17 - Arbitrary Content Deletion Vulnerability |
| CVE-2023-26002 | WordPress 6Storage Rentals <= 2.19.5 - Broken Access Control Vulnerability |
| CVE-2023-26035 | ZoneMinder vulnerable to Missing Authorization |
| CVE-2023-26269 | Apache James server: Privilege escalation through unauthenticated JMX |
| CVE-2023-2627 | KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls |
| CVE-2023-26520 | WordPress Advanced Text Widget plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-26521 | WordPress Search in Place plugin <= 1.0.104 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-26522 | WordPress WP Repost plugin <= 0.1 - Broken Access Control vulnerability |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-27263 | IDOR: Accessing playbook runs via the Playbooks Runs API |
| CVE-2023-27264 | IDOR: Updating a playbook via the Playbooks API |
| CVE-2023-27309 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected app... |
| CVE-2023-27310 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected app... |
| CVE-2023-27449 | WordPress Total Poll Lite plugin <= 4.8.6 - Broken Access Control vulnerability |
| CVE-2023-27454 | WordPress Rife Elementor Extensions & Templates plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2023-27456 | WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-27460 | WordPress CP Contact Form with PayPal plugin <= 1.3.34 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-27462 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected app... |
| CVE-2023-27607 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability |
| CVE-2023-27608 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2023-27625 | WordPress Site Reviews plugin <= 6.5.0 - Broken Access Control vulnerability |
| CVE-2023-27626 | WordPress Stock Ticker plugin <= 3.23.0 - Broken Access Control vulnerability |
| CVE-2023-2783 | App Framework does not check for the secret provided in the incoming webhook request |
| CVE-2023-2784 | Apps Framework allows install requests from regular members via an internal path |
| CVE-2023-2786 | Channel commands execution doesn't properly verify permissions |
| CVE-2023-2787 | Collapsed Reply Threads APIs leak message contents from private channels |
| CVE-2023-2788 | Deactivated user can retain access using oauth2 api |
| CVE-2023-2791 | Playbooks lets you edit arbitrary posts |
| CVE-2023-28689 | WordPress JS Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-28775 | WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability |
| CVE-2023-29173 | WordPress Product Category Tree plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-29174 | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability |
| CVE-2023-29529 | matrix-js-sdk vulnerable to invisible eavesdropping in group calls |
| CVE-2023-27428 | WordPress WP users media plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2023-27437 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability |
| CVE-2023-2796 | EventON < 2.1.2 - Unauthenticated Event Access |
| CVE-2023-28165 | WordPress Backup Bank: WordPress Backup Plugin plugin <= 4.0.28 - Broken Access Control vulnerability |
| CVE-2023-28168 | WordPress WordPress Console plugin <= 0.3.9 - Broken Access Control vulnerability |
| CVE-2023-28416 | WordPress Chankhe theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-28417 | WordPress Dynamics 365 Integration plugin <= 1.3.12 - Broken Access Control vulnerability |
| CVE-2023-28492 | WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability |
| CVE-2023-28494 | WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability |
| CVE-2023-28532 | WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-28536 | WordPress Branded Social Images plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-28623 | Unauthorized user can register an account in specific configurations in Zulip |
| CVE-2023-28990 | WordPress Viral Mag theme <= 1.0.9 - Authenticated Arbitrary Plugin Activation Vulnerability |
| CVE-2023-29237 | WordPress Remove Duplicate Posts plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2023-29239 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-29422 | WordPress Dynamics 365 Integration plugin <= 1.3.13 - Broken Access Control vulnerability |
| CVE-2023-30476 | WordPress Blogger Buzz theme <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-30479 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2023-30480 | WordPress Educenter theme <= 1.5.5 - Broken Access Control |
| CVE-2023-30486 | WordPress Square theme <= 2.0.0 - Broken Access Control |
| CVE-2023-29429 | WordPress User Registration plugin <= 2.3.2.1 - Broken Access Control vulnerability |
| CVE-2023-29431 | WordPress qTranslate X Cleanup and WPML Import plugin <= 3.0.1 - Broken Access Control vulnerability |
| CVE-2023-29433 | WordPress tencentcloud-cos plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2023-2945 | Missing Authorization in openemr/openemr |
| CVE-2023-3076 | MStore API < 3.9.9 - Unauthenticated Privilege Escalation |
| CVE-2023-30783 | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control |
| CVE-2023-30870 | WordPress Sharkdropship for AliExpress Dropship and Affiliate plugin <= 2.2.3 - Multiple Broken Access Control vulnerabilitie... |
| CVE-2023-30873 | WordPress WP Docs plugin <= 1.9.8 - Broken Access Control |
| CVE-2023-31073 | WordPress Shortcode to display post and user data plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2023-31080 | WordPress Unlimited Elements For Elementor plugin <= 1.5.65 - Multiple Broken Access Control vulnerability |
| CVE-2023-31214 | WordPress WP Quick Post Duplicator plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2023-31234 | WordPress Tilda Publishing plugin <= 0.3.23 - Broken Access Control vulnerability |
| CVE-2023-3131 | MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update |
| CVE-2023-32094 | WordPress Extended Post Status plugin <= 1.0.19 - Broken Access Control vulnerability |
| CVE-2023-32112 | Missing Authorization Check in Vendor Master Hierarchy |
| CVE-2023-32117 | WordPress Integrate Google Drive plugin <= 1.1.99 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-32126 | WordPress SALERT plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-32127 | WordPress Multi Rating plugin <= 5.0.6 - Unauth Arbitrary rating value change |
| CVE-2023-32129 | WordPress Editorialmag theme <= 1.1.9 - Authenticated Arbitrary Plugin Activation |
| CVE-2023-32240 | WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability |
| CVE-2023-32293 | WordPress WRC Pricing Tables plugin <= 2.3.7 - Broken Access Control vulnerability |
| CVE-2023-32295 | WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability |
| CVE-2023-32299 | WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability |
| CVE-2023-3230 | Missing Authorization in fossbilling/fossbilling |
| CVE-2023-32311 | The CloudExplorer Lite missing permissions check |
| CVE-2023-32316 | Users can add themselves to any organization in CloudExplorer Lite |
| CVE-2023-32506 | WordPress Link Whisper Free plugin <= 0.6.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-32507 | WordPress Woo Custom Emails plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2023-32519 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2023-30488 | WordPress Featured Post Creative plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-30490 | WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability |
| CVE-2023-33922 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2023-33923 | Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes |
| CVE-2023-33928 | WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2023-33948 | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media f... |
| CVE-2023-32520 | WordPress WCP Contact Form plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2023-32574 | WordPress Injection Guard plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-32581 | WordPress WP-Chatbot for Messenger plugin <= 4.7 - Broken Access Control |
| CVE-2023-32585 | WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2023-32586 | WordPress SoundCloud Is Gold plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2023-32593 | WordPress GS Pins for Pinterest plugin <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2023-32599 | WordPress reCAPTCHA for all plugin <= 1.22 - Broken Access Control vulnerability |
| CVE-2023-32601 | WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2023-32677 | Users who can send invitations can erroneously add users to streams during invitation in Zulip |
| CVE-2023-32798 | WordPress Simple Page Ordering plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-32963 | WordPress Predictive Search for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability |
| CVE-2023-33215 | WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2023-33321 | WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure |
| CVE-2023-33324 | WordPress Easy Captcha plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2023-3365 | MultiParcels Shipping For WooCommerce < 1.14.14 - Subscriber+ Arbitrary Shipment Deletion |
| CVE-2023-34186 | WordPress Headless CMS plugin <= 2.0.3 - Broken Authentication vulnerability |
| CVE-2023-34234 | Governor proposal creation may be blocked by frontrunning in OpenZeppelin |
| CVE-2023-34376 | WordPress Change WooCommerce Add To Cart Button Text plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2023-34379 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control |
| CVE-2023-34381 | WordPress Zippy plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2023-34387 | WordPress Constant Contact Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-3442 | Missing Authorization in Jenkins plug-in for ServiceNow DevOps |
| CVE-2023-34463 | Unauthorized users can delete applications in DataEase |
| CVE-2023-35037 | WordPress Surfer plugin <= 1.3.2.357 - Broken Access Control vulnerability |
| CVE-2023-35040 | WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability |
| CVE-2023-35045 | WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-35046 | WordPress Dynamic Visibility for Elementor plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2023-35049 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-35050 | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability |
| CVE-2023-35051 | WordPress Contact Forms by Cimatti plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2023-35052 | WordPress Directorist plugin <= 7.5.4 - Arbitrary Content Deletion vulnerability |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control |
| CVE-2023-35164 | Unauthorized users can manipulate a dashboard created by an administrator in DataEase |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability |
| CVE-2023-3587 | Inconsistent state in UI after boards permission change by system admin |
| CVE-2023-35875 | WordPress Gutenverse – Gutenberg Blocks – Page Builder for Site Editor plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2023-35937 | Metersphere missing permission check |
| CVE-2023-35998 | ITM Server Missing Authorization in SOAP Endpoints |
| CVE-2023-36000 | ITM Server Missing Authorization for Agent Config |
| CVE-2023-36002 | ITM Server Missing Authorization for URL validation |
| CVE-2023-36504 | WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2023-36506 | WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability |
| CVE-2023-36509 | WordPress CHP Ads Block Detector plugin <= 3.9.5 - Broken Access Control vulnerability |
| CVE-2023-36510 | WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability |
| CVE-2023-36512 | WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability |
| CVE-2023-36515 | WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-36516 | WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability |
| CVE-2023-36518 | WordPress Post Hit Counter plugin <= 1.3.2 - Broken Access Control |
| CVE-2023-36519 | WordPress SW Product Bundles plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2023-36526 | WordPress Duplicate Post Page Menu & Custom Post Type plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2023-36528 | WordPress kk Star Ratings plugin <= 5.4.3 - Rate Manipulation due to IP Spoofing Vulnerability |
| CVE-2023-36531 | WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability |
| CVE-2023-36607 | CVE-2023-36607 |
| CVE-2023-36676 | WordPress Spectra plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2023-36680 | WordPress Image Regenerate & Select Crop plugin <= 7.1.0 - Broken Access Control vulnerability |
| CVE-2023-36681 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2023-36683 | WordPress Schema Pro plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-36684 | WordPress Convert Pro plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2023-36694 | WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability |
| CVE-2023-36695 | WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability |
| CVE-2023-36815 | Sealos billing system permission control defect |
| CVE-2023-37394 | WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2023-37860 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37862 | PHOENIX CONTACT: Missing Authorization in WP 6xxx Web panels |
| CVE-2023-37869 | WordPress Premium Addons PRO plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2023-37870 | WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2023-37872 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability |
| CVE-2023-37885 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-37886 | WordPress RealHomes theme <= 4.0.2 - Broken Access Control vulnerability |
| CVE-2023-37887 | WordPress WPSchoolPress plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-37890 | WordPress KB Support Plugin <= 1.5.88 is vulnerable to Broken Access Control |
| CVE-2023-37910 | org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move |
| CVE-2023-37967 | WordPress DirectoryPress plugin <= 3.6.2 - Unauthenticated Broken Access Control Vulnerability |
| CVE-2023-37969 | WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2023-37971 | WordPress WooCommerce Product Stock Alert plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-37984 | WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability |
| CVE-2023-37987 | WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2023-37989 | WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability |
| CVE-2023-38102 | NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability |
| CVE-2023-38383 | WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-38385 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability |
| CVE-2023-38386 | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-38393 | WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability |
| CVE-2023-38394 | WordPress Jupiter X Core plugin <= 3.3.0 - Multiple Auth. Broken Access Control vulnerability |
| CVE-2023-38395 | WordPress WP Clone Menu plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-38475 | WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Broken Access Control vulnerability |
| CVE-2023-38477 | WordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-38479 | WordPress Simple Googlebot Visit plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2023-38480 | WordPress Booster Elementor Addons plugin <= 1.4.9 - Broken Access Control vulnerability |
| CVE-2023-38483 | WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-38508 | Tuleap allows preview of a linked artifact with a type does not respect permissions |
| CVE-2023-38510 | Tolgee Lacks Permission Check for API Key for some endpoints |
| CVE-2023-38514 | WordPress Social Share Icons & Social Share Buttons plugin <= 3.5.7 - Broken Access Control vulnerability |
| CVE-2023-39167 | SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability |
| CVE-2023-39298 | QTS, QuTS hero |
| CVE-2023-39305 | WordPress Yet Another Stars Rating plugin <= 3.4.3 - Broken Access Control vulnerability |
| CVE-2023-39310 | WordPress Avada Builder plugin <= 3.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-39312 | WordPress Avada theme <= 7.11.1 - Auth. Unrestricted Zip Extraction vulnerability |
| CVE-2023-39438 | Missing Authorization check allows certain operations on CLA Assistant data |
| CVE-2023-39544 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSC... |
| CVE-2023-39920 | WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2023-39922 | WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-39966 | 1Panel arbitrary file write vulnerability exists in the background |
| CVE-2023-39990 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2023-39993 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2023-39994 | WordPress ARMember Premium plugin <= 5.9.2 - Broken Access Control |
| CVE-2023-39995 | WordPress Portfolio and Projects plugin <= 1.3.7 - Broken Access Control vulnerability |
| CVE-2023-39996 | WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control |
| CVE-2023-39997 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control Vulnerability |
| CVE-2023-39998 | WordPress BeTheme theme <= 27.1.1 - Author+ Broken Access Control vulnerability |
| CVE-2023-40001 | WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability |
| CVE-2023-40003 | WordPress WP Project Manager plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-40004 | Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins |
| CVE-2023-40005 | WordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access Control |
| CVE-2023-40011 | WordPress Cost Calculator Builder plugin <= 3.1.42 - Broken Access Control vulnerability |
| CVE-2023-40027 | Conditionally missing authorization in @keystone-6/core |
| CVE-2023-40203 | WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control |
| CVE-2023-40209 | WordPress Highcompress Image Compressor plugin <= 6.0.0 - Broken Access Control vulnerability |
| CVE-2023-40213 | WordPress Justified Gallery plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2023-4024 | Radio Player <= 2.0.73 - Missing Authorization to Player Deletion |
| CVE-2023-4025 | Radio Player <= 2.0.73 - Missing Authorization to Player Update |
| CVE-2023-4027 | Radio Player <= 2.0.73 - Missing Authorization to Settings Update |
| CVE-2023-40327 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-40331 | WordPress Accordion Slider plugin <= 1.9.6 - Broken Access Control vulnerability |
| CVE-2023-40334 | WordPress HUSKY – Products Filter for WooCommerce Professional plugin <= 1.3.4.2 - Broken Access Control vulnerability |
| CVE-2023-40376 | IBM UrbanCode Deploy (UCD) improper authentication controls |
| CVE-2023-4059 | Profile Builder < 3.9.8 - Unauthenticated Plugin's Pages Creation |
| CVE-2023-40603 | WordPress Simple Org Chart plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2023-40608 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-40625 | Missing Authorization check in SAP Manage Purchase Contracts App |
| CVE-2023-40670 | WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability |
| CVE-2023-40672 | WordPress Sticky Social Media Icons plugin <= 2.1 - Broken Access Control vulnerability |
| CVE-2023-40678 | WordPress Simple URLs plugin <= 117 - Broken Access Control vulnerability |
| CVE-2023-41046 | Velocity execution without script rights in Xwiki platform |
| CVE-2023-4105 | Attachment of deleted message in a thread remains accessible and downloadable |
| CVE-2023-4106 | A guest user can perform various actions on public playbooks |
| CVE-2023-41130 | WordPress Premmerce User Roles plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2023-41132 | WordPress Category Slider for WooCommerce plugin <= 1.4.15 - Broken Access Control vulnerability |
| CVE-2023-4124 | Missing Authorization in answerdev/answer |
| CVE-2023-41240 | WordPress Pricing Deals for WooCommercePricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability |
| CVE-2023-41296 | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integri... |
| CVE-2023-41649 | WordPress Ovic Product Bundle plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2023-41651 | WordPress Multi-column Tag Map plugin <= 17.0.26 - Broken Access Control vulnerability |
| CVE-2023-41664 | WordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2023-41671 | WordPress Abandoned Cart Lite for WooCommerce plugin <= 5.16.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2023-41683 | WordPress TelSender plugin <= 1.14.11 - Broken Access Control + CSRF vulnerability |
| CVE-2023-41688 | WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.5 - Broken Access Control vulnerability |
| CVE-2023-41689 | WordPress Post to Google My Business (Google Business Profile) plugin <= 3.1.14 - Broken Access Control vulnerability |
| CVE-2023-41690 | WordPress WiserNotify Social Proof plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-41695 | WordPress Analytify plugin <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2023-41750 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-41802 | WordPress Super Socializer plugin <= 7.13.54 - Broken Access Control vulnerability |
| CVE-2023-41803 | WordPress BitPay Checkout for WooCommerce plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2023-41805 | Broken Access Control vulnerability in multiple Brainstorm Force plugins |
| CVE-2023-41848 | WordPress Carousel Slider plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2023-41849 | WordPress Posts Like Dislike plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-41857 | WordPress Click To Tweet plugin <= 2.0.14 - Broken Access Control vulnerability |
| CVE-2023-41865 | WordPress Slider Pro plugin <= 4.8.6 - Broken Access Control vulnerability |
| CVE-2023-41866 | WordPress Automatic YouTube Gallery plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2023-41869 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.4 - Broken Access Control vulnerability |
| CVE-2023-41870 | WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2023-33968 | Missing Access Control allows User to move and duplicate tasks in Kanboard |
| CVE-2023-41873 | WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2023-41875 | WordPress WP Directory Kit plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2023-41951 | WordPress rtMedia for WordPress, BuddyPress and bbPress plugin <= 4.6.14 - Broken Access Control vulnerability |
| CVE-2023-41952 | WordPress Fluent Forms plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2023-41953 | WordPress ProfilePress plugin <= 4.13.1 - Broken Access Control vulnerability |
| CVE-2023-4198 | Dolibarr ERP CRM (<= 17.0.3) Improper Access Control |
| CVE-2023-42473 | Missing Authorization Check In S/4HANA (Manage Withholding Tax Items) |
| CVE-2023-4302 | Missing permission checks in Fortify Plugin allow capturing credentials |
| CVE-2023-43652 | Non-MFA account takeover via using only SSH public key to login in jumpserver |
| CVE-2023-43700 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no n... |
| CVE-2023-44142 | WordPress Inactive Logout plugin <= 3.2.2 - Broken Access Control vulnerability |
| CVE-2023-44147 | WordPress Comment Blacklist Updater plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2023-44148 | WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-44149 | WordPress Brands for WooCommerce plugin <= 3.8.2.2 - Broken Access Control vulnerability |
| CVE-2023-44151 | WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2023-44208 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44210 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44211 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44212 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-44214 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-44227 | WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Arbitrary File Deletion |
| CVE-2023-44234 | WordPress WP GPX Maps plugin <= 1.7.08 - Broken Access Control vulnerability |
| CVE-2023-44258 | WordPress Schema App Structured Data plugin <= 1.23.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-4434 | Missing Authorization in hamza417/inure |
| CVE-2023-44472 | WordPress Unyson plugin <= 2.7.28 - Broken Access Control vulnerability |
| CVE-2023-4468 | Poly Trio 8500/Trio 8800/Trio C60 Poly Lens Management Cloud Registration authorization |
| CVE-2023-44988 | WordPress WP Custom Admin Interface plugin <= 7.32 - Broken Access Control vulnerability |
| CVE-2023-45000 | WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Broken Access Control on API vulnerability |
| CVE-2023-45002 | WordPress WP User Frontend plugin <= 3.6.8 - Broken Access Control vulnerability |
| CVE-2023-45045 | WordPress WP Custom Widget area plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2023-45061 | WordPress WP Job Openings plugin <= 3.4.1 - Broken Access Control vulnerability |
| CVE-2023-33970 | Missing access control in internal task links feature in Kanboard |
| CVE-2023-45101 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability |
| CVE-2023-45104 | WordPress BetterLinks plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2023-45110 | WordPress Bold Timeline Lite plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2023-45240 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45242 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45243 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45244 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-45245 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, mac... |
| CVE-2023-45246 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-45271 | WordPress ProductX – Gutenberg WooCommerce Blocks plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2023-45272 | WordPress 10Web Map Builder for Google Maps plugin <= 1.0.73 - Notice Dismissal Vulnerability |
| CVE-2023-45275 | WordPress Contact Form builder with drag & drop plugin <= 2.3.28 - Broken Access Control vulnerability |
| CVE-2023-45631 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-45633 | WordPress IMPress Listings plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2023-45636 | WordPress Backup & Migration plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2023-33992 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA |
| CVE-2023-33994 | WordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerability |
| CVE-2023-33995 | WordPress Photo Gallery by 10Web plugin <= 1.8.15 - Broken Access Control vulnerability |
| CVE-2023-45649 | WordPress Appointment Hour Booking plugin <= 1.4.23 - Broken Access Control vulnerability |
| CVE-2023-45658 | WordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-45760 | WordPress wpDiscuz plugin <= 7.6.3 - Broken Access Control vulnerability |
| CVE-2023-45765 | WordPress WP ERP plugin <= 1.12.6 - Broken Access Control vulnerability |
| CVE-2023-45766 | WordPress Poll Maker plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2023-45828 | WordPress RumbleTalk Live Group Chat plugin <= 6.2.5 - Broken Access Control vulnerability |
| CVE-2023-4606 | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. ... |
| CVE-2023-46073 | WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF |
| CVE-2023-46079 | WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46080 | WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2023-46082 | WordPress Broken Link Checker \| Finder plugin <= 2.4.2 - Broken Access Control vulnerability |
| CVE-2023-46083 | WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability |
| CVE-2023-46146 | WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability |
| CVE-2023-46148 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability |
| CVE-2023-46188 | WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-46195 | WordPress Headline Analyzer plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-46196 | WordPress Social proof testimonials and reviews by Repuso plugin <= 4.97 - Broken Access Control vulnerability |
| CVE-2023-46203 | WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability |
| CVE-2023-46206 | WordPress MW WP Form plugin <= 4.4.5 - Broken Access Control vulnerability |
| CVE-2023-46212 | WordPress WP EXtra Plugin <= 6.2 is vulnerable to Broken Access Control |
| CVE-2023-4630 | Missing Authorization in GitLab |
| CVE-2023-46309 | WordPress wpDiscuz plugin <= 7.6.10 - Broken Access Control vulnerability |
| CVE-2023-46605 | WordPress Convertful – Your Ultimate On-Site Conversion Tool plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-46606 | WordPress AtomChat plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2023-46607 | WordPress WP iCal Availability plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2023-46608 | WordPress DoLogin Security plugin <= 3.7.1 - Multiple Broken Access Control vulnerability |
| CVE-2023-46609 | WordPress FeedFocal plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2023-46610 | WordPress Quill Forms plugin <= 3.3.0 - Broken Access Control + CSRF vulnerability |
| CVE-2023-46612 | WordPress Mediabay plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2023-46616 | WordPress Draw Attention plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2023-46628 | WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2023-46631 | WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2023-46632 | WordPress My Shortcodes plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2023-46633 | WordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2023-46635 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2023-46637 | WordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2023-46639 | WordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerability |
| CVE-2023-46644 | WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2023-4700 | Missing Authorization in GitLab |
| CVE-2023-47112 | Authenticated users can view job names and groups they do not have authorization to view in Rundeck |
| CVE-2023-47148 | IBM Storage Protect Plus Server information disclosure |
| CVE-2023-47179 | WordPress WooODT Lite plugin <= 2.4.6 - Arbitrary Site Option Update vulnerability |
| CVE-2023-47180 | WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulner... |
| CVE-2023-47183 | WordPress GiveWP plugin <= 2.33.1 - Broken Access Control vulnerability |
| CVE-2023-47187 | WordPress Animated Rotating Words plugin <= 5.4 - Broken Access Control vulnerability |
| CVE-2023-47188 | WordPress Simple Job Board plugin <= 2.10.5 - Broken Access Control vulnerability |
| CVE-2023-47224 | WordPress WP Travel plugin <= 7.8.0 - Broken Access Control vulnerability |
| CVE-2023-47225 | WordPress Short URL plugin <= 1.6.8 - Broken Access Control vulnerability |
| CVE-2023-47241 | WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability |
| CVE-2023-4730 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint |
| CVE-2023-47515 | WordPress Seers \| GDPR & CCPA Cookie Consent & Compliance plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2023-47523 | WordPress Auto Tag Creator plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2023-47557 | WordPress Visitor Traffic Real Time Statistics plugin <= 7.2 - Broken Access Control vulnerability |
| CVE-2023-47647 | WordPress BadgeOS plugin <= 3.7.1.6 - Broken Access Control vulnerability |
| CVE-2023-33996 | WordPress Spam protection, AntiSpam, FireWall by CleanTalk plugin <= 6.10 - Broken Access Control vulnerability |
| CVE-2023-33998 | WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability |
| CVE-2023-34003 | WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability |
| CVE-2023-34009 | WordPress Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.1 - Broken Access Control + CSRF |
| CVE-2023-34014 | WordPress Grid Plus plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2023-34019 | WordPress Uncanny Toolkit for LearnDash plugin <= 3.6.4.3 - Broken Access Control vulnerability |
| CVE-2023-47681 | WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2023-47689 | WordPress Animator plugin <= 3.0.10 - Unauthenticated Plugin Settings Change Vulnerability |
| CVE-2023-47692 | WordPress Flo Forms plugin <= 1.0.41 - Broken Access Control vulnerability |
| CVE-2023-47693 | WordPress Ultimate Addons for Contact Form 7 plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2023-47694 | WordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2023-47698 | WordPress Japanized For WooCommerce plugin <= 2.6.4 - Multiple Broken Access Control vulnerability |
| CVE-2023-47754 | WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control |
| CVE-2023-47756 | WordPress Welcome Email Editor plugin <= 5.0.6 - Broken Access Control vulnerability |
| CVE-2023-47757 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control |
| CVE-2023-47760 | WordPress Essential Blocks plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2023-47761 | WordPress Simple 301 Redirects by BetterLinks plugin <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2023-47762 | WordPress BetterDocs plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2023-47763 | WordPress WP Custom Admin Interface plugin <= 7.31 - Broken Access Control vulnerability |
| CVE-2023-47764 | WordPress Ditty plugin <= 3.1.24 - Broken Access Control vulnerability |
| CVE-2023-47770 | WordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-47771 | WordPress Essential Grid plugin <= 3.0.18 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2023-47776 | WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability |
| CVE-2023-47778 | WordPress LuckyWP Scripts Control plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-47780 | WordPress EasyAzon – Amazon Associates Affiliate Plugin plugin <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2023-47783 | WordPress Thrive Theme Builder theme < 3.24.0 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2023-47788 | WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-47793 | WordPress Acme Fix Images plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2023-47805 | WordPress WPCafe plugin <= 2.2.22 - Broken Access Control vulnerability |
| CVE-2023-47807 | WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability |
| CVE-2023-47820 | WordPress WP Like Button plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2023-47822 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10 - Broken Access Control vulnerability |
| CVE-2023-47823 | WordPress FormCraft – Contact Form Builder for WordPress plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-47826 | WordPress Restaurant & Cafe Addon for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2023-47828 | WordPress wpMandrill plugin <= 1.33 - Broken Access Control vulnerability |
| CVE-2023-47830 | WordPress Live Preview for Contact Form 7 plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2023-47832 | WordPress SearchIQ plugin <= 4.4 - Broken Access Control vulnerability |
| CVE-2023-47836 | WordPress WP Meta and Date Remover plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2023-47838 | WordPress Conditional Fields for Contact Form 7 plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2023-47841 | WordPress Analytify plugin <= 5.1.1 - Broken Access Control vulnerability |
| CVE-2023-47847 | WordPress PayTR Taksit Tablosu plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2023-47849 | WordPress BlossomThemes Email Newsletter plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2023-47870 | WordPress wpForo Forum Plugin <= 2.2.6 is vulnerable to Broken Access Control and Cross Site Request Forgery (CSRF) |
| CVE-2023-47871 | WordPress Contact Form to Any API plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2023-47874 | WordPress Perfmatters Plugin <= 2.1.6 is vulnerable to Broken Access Control |
| CVE-2023-48222 | Authenticated users can view or delete jobs they do not have authorization for in Rundeck |
| CVE-2023-48273 | WordPress Preloader for Website plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-48274 | WordPress WCMultiShipping plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2023-48277 | WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability |
| CVE-2023-48280 | WordPress Consensu.io plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2023-48286 | WordPress Accept Stripe Payments plugin <= 2.0.79 - Broken Access Control vulnerability |
| CVE-2023-48287 | WordPress TextMe SMS plugin <= 1.9.0 - Broken Access Control vulnerability |
| CVE-2023-48324 | WordPress Awesome Support HelpDesk plugin <= 6.1.4 - Broken Access control vulnerability |
| CVE-2023-48332 | WordPress Mail Bank – #1 Mail SMTP Plugin for WordPress plugin <= 4.0.14 - Broken Access Control vulnerability |
| CVE-2023-48375 | SmartStar Software CWS Web-Base - Broken Access Control |
| CVE-2023-48676 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48683 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48684 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis... |
| CVE-2023-48739 | WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability |
| CVE-2023-48740 | WordPress Easy Social Feed plugin <= 6.5.1 - Broken Access Control vulnerability |
| CVE-2023-48750 | WordPress Void Elementor Post Grid Addon for Elementor Page builder plugin <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2023-48751 | WordPress Participants Database Plugin <= 2.5.5 is vulnerable to Broken Access Control |
| CVE-2023-48758 | WordPress JetEngine plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2023-48759 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability |
| CVE-2023-48760 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-48761 | WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability |
| CVE-2023-48774 | WordPress IdeaPush plugin < 8.58 - Broken Access Control vulnerability |
| CVE-2023-48775 | WordPress WP CleanFix plugin <= 5.6.2 - Broken Access Control vulnerability |
| CVE-2023-48776 | WordPress canvasio3D Light plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-48779 | WordPress 360 Javascript Viewer plugin <= 1.7.11 - Broken Access Control vulnerability |
| CVE-2023-4895 | Missing Authorization in GitLab |
| CVE-2023-49154 | WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2023-49156 | WordPress GoDaddy Email Marketing plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2023-49167 | WordPress Database for CF7 plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2023-49192 | WordPress Enhanced Text Widget plugin <= 1.6.3 - Broken Access Control vulnerability |
| CVE-2023-49193 | WordPress Grow Social plugin <= 1.30.0 - Broken Access Control vulnerability |
| CVE-2023-49196 | WordPress Pagelayer plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for |
| CVE-2023-49742 | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability |
| CVE-2023-49754 | WordPress Bulk Edit Post Titles plugin <= 5.0.0 - Broken Access Control vulnerability |
| CVE-2023-49755 | WordPress Elementor Timeline Widget plugin <= 2.2 - Notice Dismissal Vulnerability |
| CVE-2023-49756 | WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability |
| CVE-2023-49757 | WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability |
| CVE-2023-49758 | WordPress WP Booking System plugin <= 2.0.19.2 - Broken Access Control vulnerability |
| CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-49818 | WordPress Webflow Pages plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2023-49831 | WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability |
| CVE-2023-49832 | WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability |
| CVE-2023-49835 | WordPress Post Duplicator plugin <= 2.31 - Broken Access Control vulnerability |
| CVE-2023-49845 | WordPress Redirects plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2023-49848 | WordPress Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2023-49849 | WordPress Shortcoder plugin <= 6.3 - Broken Access Control vulnerability |
| CVE-2023-49850 | WordPress WP Simple HTML Sitemap plugin <= 2.7 - Broken Access Control vulnerability |
| CVE-2023-49851 | WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability |
| CVE-2023-49856 | WordPress Smart Forms plugin <= 2.6.84 - Authenticated Arbitrary Options Change Vulnerability |
| CVE-2023-49857 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2023-49858 | WordPress Custom Login plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2023-49859 | WordPress Login With Ajax plugin <= 4.1 - Broken Access Control vulnerability |
| CVE-2023-49861 | WordPress Social Media Feather plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-50373 | WordPress Alt Manager plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2023-50375 | WordPress Translate WordPress – Google Language Translator plugin <= 6.0.19 - Broken Access Control vulnerability |
| CVE-2023-5056 | Skupper-operator: privilege escalation via config map |
| CVE-2023-5061 | Missing Authorization in GitLab |
| CVE-2023-50850 | WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability |
| CVE-2023-50876 | WordPress Molongui plugin <= 4.7.3 - Broken Access Control vulnerability |
| CVE-2023-50877 | WordPress Product Filter by WBW plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2023-50882 | WordPress ProfilePress plugin <= 4.13.2 - Broken Access Control vulnerability |
| CVE-2023-50884 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2023-50887 | WordPress User Feedback plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2023-50898 | WordPress Image Optimizer, Resizer and CDN – Sirv plugin <= 7.1.2 - Broken Access Control vulnerability |
| CVE-2023-50899 | WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability |
| CVE-2023-50903 | WordPress Metform Elementor Contact Form Builder plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2023-50904 | WordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerability |
| CVE-2023-50944 | Apache Airflow: Bypass permission verification to read code of other dags |
| CVE-2023-51353 | WordPress Popup by Supsystic plugin <= 1.10.19 - Broken Access Control vulnerability |
| CVE-2023-51355 | WordPress MultiVendorX plugin <= 4.0.23 - Broken Access Control vulnerability |
| CVE-2023-51357 | WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 -... |
| CVE-2023-51359 | WordPress Essential Blocks plugin <= 4.2.0 - Multiple Contributor+ Broken Access Control vulnerability |
| CVE-2023-51360 | WordPress Essential Blocks plugin <= 4.2.0 - Multiple Subscriber+ Broken Access Control vulnerability |
| CVE-2023-51362 | WordPress myStickyElements plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2023-51375 | WordPress EmbedPress plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2023-51376 | WordPress ProjectHuddle Client Site plugin <= 1.0.34 - Broken Access Control vulnerability |
| CVE-2023-51377 | WordPress Everest Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-51413 | WordPress Piotnet Forms plugin <= 1.0.29 - Broken Access Control vulnerability |
| CVE-2023-51418 | WordPress JVM rich text icons plugin <= 1.2.6 - Arbitrary File Deletion vulnerability |
| CVE-2023-51494 | WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2023-51495 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-51496 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability |
| CVE-2023-51497 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability |
| CVE-2023-51498 | WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2023-51499 | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2023-51500 | WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability |
| CVE-2023-51507 | WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability |
| CVE-2023-51515 | WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability |
| CVE-2023-51516 | WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnera... |
| CVE-2023-51519 | WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2023-51523 | WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability |
| CVE-2023-51524 | WordPress weForms plugin <= 1.6.18 - Broken Access Control vulnerability |
| CVE-2023-51526 | WordPress Simple Staff List plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2023-51537 | WordPress Awesome Support plugin <= 6.1.5 - Broken Access Control vulnerability |
| CVE-2023-5165 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell |
| CVE-2023-51650 | Unauthorized access vulnerability on three interfaces |
| CVE-2023-51670 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability |
| CVE-2023-51671 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Plugin Settings Change vulnerability |
| CVE-2023-51672 | WordPress FunnelKit Checkout plugin <= 3.10.3 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2023-51679 | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2023-51680 | WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2023-51682 | WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2023-51692 | WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control |
| CVE-2023-52117 | WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability |
| CVE-2023-52177 | WordPress Integrate Google Drive plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2023-52179 | WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2023-52183 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2023-52186 | WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-52199 | WordPress ActivityPub plugin <= 1.0.5 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-52211 | WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2023-52214 | WordPress Void Contact Form 7 Widget For Elementor Page Builder plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2023-52217 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2023-52220 | WordPress MonsterInsights plugin <= 8.21.0 - Broken Access Control vulnerability |
| CVE-2023-52224 | WordPress Revolut Gateway for WooCommerce plugin <= 4.9.7 - Broken Access Control vulnerability |
| CVE-2023-52227 | WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2023-52229 | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2023-52230 | WordPress Booster Plus for WooCommerce plugin < 7.1.3 - Authenticated Arbitrary WordPress Option Disclosure Vulnerability |
| CVE-2023-52232 | WordPress Booster Plus for WooCommerce plugin < 7.1.2 - Authenticated Arbitrary Post/Page Deletion Vulnerability |
| CVE-2023-52233 | WordPress POST SMTP Mailer plugin <= 2.8.6 - Broken Access Control on API vulnerability |
| CVE-2023-5321 | Missing Authorization in hamza417/inure |
| CVE-2023-5331 | File Information Leak via IDOR in file_id in Draft Posts |
| CVE-2023-5509 | myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion |
| CVE-2023-5525 | Limit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update |
| CVE-2023-5559 | 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion |
| CVE-2023-5600 | Missing Authorization in GitLab |
| CVE-2023-5611 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
| CVE-2023-5612 | Missing Authorization in GitLab |
| CVE-2023-5651 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-5737 | WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update |
| CVE-2023-5862 | Missing Authorization in hamza417/inure |
| CVE-2023-47648 | WordPress EazyDocs plugin <= 2.3.5 - Broken Access Control vulnerability |
| CVE-2023-47661 | WordPress Dragfy Addons for Elementor plugin <= 1.0.2 - Broken Access Control + CSRF vulnerability |
| CVE-2023-6020 | Ray Static File Local File Include |
| CVE-2023-6029 | EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management |
| CVE-2023-6038 | Local File Inclusion in h2oai/h2o-3 |
| CVE-2023-6048 | Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-6066 | WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update |
| CVE-2023-6077 | Slider - Ultimate Responsive Image Slider < 3.5.12 - Subscriber+ Arbitrary Post Access |
| CVE-2023-6139 | Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update |
| CVE-2023-6257 | Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read |
| CVE-2023-6279 | Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS |
| CVE-2023-6394 | Quarkus: graphql operations over websockets bypass |
| CVE-2023-6554 | Missing authorisation in TCExam |
| CVE-2023-6840 | Missing Authorization in GitLab |
| CVE-2023-6955 | Missing Authorization in GitLab |
| CVE-2023-7202 | Fatal Error Notify < 1.5.3 - Subscriber+ Test Error Email Sending |
| CVE-2023-7203 | Smart Forms < 2.6.87 - Subscriber+ Arbitrary Entry Deletion |
| CVE-2023-7268 | ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion |
| CVE-2023-7287 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'pt_cancel_subscription' |
| CVE-2023-7288 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'update_profile_preference' |
| CVE-2023-7289 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_sw_save_api_keys' |
| CVE-2023-7290 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_for_verified_profiles' |
| CVE-2023-7291 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_account' |
| CVE-2023-7292 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss' |
| CVE-2023-7293 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account_details' |
| CVE-2023-7294 | Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profile' |
| CVE-2023-7306 | Frontend File Manager <= 21.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2023-7317 | Nagios XI < 2024R1 Web SSH Terminal Missing Access Control |
| CVE-2024-0122 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauth... |
| CVE-2024-0138 | NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit o... |
| CVE-2024-0235 | EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure |
| CVE-2024-0236 | EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure |
| CVE-2024-0237 | EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update |
| CVE-2024-0238 | EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update |
| CVE-2024-0248 | EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management |
| CVE-2024-0394 | Rapid7 Minerva Armor Privilege Escalation |
| CVE-2024-0779 | Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking |
| CVE-2024-0780 | Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset |
| CVE-2024-0949 | Improper Access Control in Talya Informatics' Elektraweb |
| CVE-2024-10003 | Rover IDX <= 3.0.0.2903 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2024-10008 | Masteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization... |
| CVE-2024-10078 | WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2024-10092 | Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation |
| CVE-2024-10216 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Additio... |
| CVE-2024-10272 | Broken Access Control in lunary-ai/lunary |
| CVE-2024-10274 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-10294 | CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets |
| CVE-2024-10330 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-10363 | Improper Access Control in danny-avila/LibreChat |
| CVE-2024-10390 | Elfsight Telegram Chat CC <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-10399 | Download Monitor <= 5.0.13 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-10402 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contr... |
| CVE-2024-10437 | WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactiv... |
| CVE-2024-11154 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Au... |
| CVE-2024-11194 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary O... |
| CVE-2024-11270 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Crea... |
| CVE-2024-11271 | WordPress Webinar Plugin – WebinarPress <= 1.33.24 - Missing Authorization to Authenticated (Subscriber+) Webinar Updates |
| CVE-2024-11281 | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change |
| CVE-2024-11323 | AI Quiz \| Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11334 | My Contador lesr <= 2.0 - Missing Authorization to Unauthenticated User Registration CSV Export |
| CVE-2024-11353 | SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion |
| CVE-2024-11354 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Pla... |
| CVE-2024-11355 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Expos... |
| CVE-2024-11401 | Rapid7 Insight Platform Privilege Escalation Vulnerability |
| CVE-2024-11423 | Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch |
| CVE-2024-11443 | de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11496 | Infility Global <= 2.9.8 - Authenticated (Subscriber+) Missing Authorization to Plugin Options Update |
| CVE-2024-11583 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.5.9 - Missing Authorization to Icon Font... |
| CVE-2024-11601 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart,... |
| CVE-2024-11643 | Accessibility by AllAccessible <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Update |
| CVE-2024-11673 | 1000 Projects Bookstore Management System cross-site request forgery |
| CVE-2024-11709 | AI Post Generator \| AutoWriter <= 3.5 - Missing Authorization to Authenticated (Contributor+) Post/Page Deletion |
| CVE-2024-11715 | WP Job Portal <= 2.2.2 - Missing Authorization to Limited Privilege Escalation |
| CVE-2024-11724 | Cookie Consent for WP – Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) <= 3.6.5 - Mi... |
| CVE-2024-11725 | SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options... |
| CVE-2024-11743 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
| CVE-2024-11816 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Remote Code Exe... |
| CVE-2024-11840 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings... |
| CVE-2024-11844 | IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion |
| CVE-2024-11848 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-11851 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update |
| CVE-2024-11852 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing... |
| CVE-2024-11911 | WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation |
| CVE-2024-11916 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Si... |
| CVE-2024-11918 | Image Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update |
| CVE-2024-11926 | Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions |
| CVE-2024-11929 | Responsive FlipBook Plugin Wordpress <= 2.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-11936 | Zox News <= 3.16.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-11972 | Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation |
| CVE-2024-12006 | W3 Total Cache <= 2.8.1 Missing Authorization to Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation |
| CVE-2024-12018 | Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion |
| CVE-2024-12026 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation |
| CVE-2024-12027 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions |
| CVE-2024-12028 | Friends <= 3.2.1 - Missing Authorization |
| CVE-2024-12033 | Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync |
| CVE-2024-12071 | Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media <= 1.4.4 - Missing Authorization to Unaut... |
| CVE-2024-12104 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.9 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-12110 | Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation |
| CVE-2024-12113 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress By KaineLabs <= 1.3.2 - Missin... |
| CVE-2024-12129 | Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-12155 | SV100 Companion <= 2.0.02 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2024-12158 | Popup – MailChimp, GetResponse and ActiveCampaign Intergrations <= 3.2.6 - Missing Authorization to Unauthenticated DB Table... |
| CVE-2024-12164 | WPSyncSheets Lite For WPForms – WPForms Google Spreadsheet Addon <= 1.6 - Missing Authorization to Authenticated (Subscriber+... |
| CVE-2024-12171 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.6 - Missing Authorization to Authenticated (Subscriber+) Privilege... |
| CVE-2024-12172 | WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses <= 3.2.21 - Missing Authoriza... |
| CVE-2024-12176 | WordLift – AI powered SEO – Schema <= 3.54.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-12184 | WordPress Contact Forms by Cimatti <= 1.9.4 - Missing Authorization to Unauthenticated Form Submission Download |
| CVE-2024-12190 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2... |
| CVE-2024-10486 | Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File |
| CVE-2024-10520 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion |
| CVE-2024-10527 | Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update |
| CVE-2024-10529 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Deletion |
| CVE-2024-10530 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Addition |
| CVE-2024-10531 | Kognetiks Chatbot for WordPress <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Assistant Update |
| CVE-2024-10532 | Bard Extra <= 1.2.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
| CVE-2024-10533 | WP Chat App <= 3.6.8 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
| CVE-2024-10535 | Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Autho... |
| CVE-2024-10537 | WP User Manager – User Profile Builder & Membership <= 2.9.11 - Missing Authorization to Authenticated (Subscriber+) User Met... |
| CVE-2024-10542 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticate... |
| CVE-2024-10543 | Tumult Hype Animations <= 1.9.14 - Missing Authorization |
| CVE-2024-10567 | TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access |
| CVE-2024-10574 | Quiz Maker Business, Developer, and Agency <= (Multiple Versions) - Missing Authorization to Google Sheets Integration Creden... |
| CVE-2024-10575 | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and pote... |
| CVE-2024-10579 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure |
| CVE-2024-10580 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission |
| CVE-2024-10582 | Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Te... |
| CVE-2024-10586 | Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation |
| CVE-2024-10588 | Debug Tool <= 2.2 - Missing Authorization to Information Exposure |
| CVE-2024-10589 | Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Autho... |
| CVE-2024-10606 | WP Travel Engine <= 6.2.1 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2024-10614 | Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation |
| CVE-2024-10629 | GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation |
| CVE-2024-10663 | Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Missing Authorization to Authenticated (Subscriber+) Deactivation Submi... |
| CVE-2024-10664 | Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+... |
| CVE-2024-10665 | Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion |
| CVE-2024-10673 | Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2024-10674 | Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
| CVE-2024-10717 | Styler for Ninja Forms <= 3.3.4 - Authenticated (Subscriber+) Arbitrary Option Deletion via deactivate_license |
| CVE-2024-10728 | PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation |
| CVE-2024-10762 | Missing Authorization in lunary-ai/lunary |
| CVE-2024-10783 | MainWP Child <= 5.2 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2024-10786 | Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing |
| CVE-2024-10800 | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-10802 | Hash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title Exposure |
| CVE-2024-10813 | Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure |
| CVE-2024-10824 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Acc... |
| CVE-2024-10852 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export |
| CVE-2024-10853 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion |
| CVE-2024-10854 | Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Import |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation... |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited... |
| CVE-2024-10866 | Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export |
| CVE-2024-10897 | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2024-11069 | WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion |
| CVE-2024-11085 | WP Log Viewer <= 1.2.1 - Missing Authorization |
| CVE-2024-11104 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart,... |
| CVE-2024-11125 | GetSimpleCMS profile.php cross-site request forgery |
| CVE-2024-11205 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation |
| CVE-2024-12259 | CRM WordPress Plugin – RepairBuddy <= 3.8120 - Missing Authorization to Account Takeover/Privilege Escalation |
| CVE-2024-12263 | Child Theme Creator by Orbisius <= 1.5.5 - Missing Authorization to Authenticated (Subscriber+) Cloud Snippet Update/Delete |
| CVE-2024-12265 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization |
| CVE-2024-12269 | Safe Ai Malware Protection for WP <= 1.0.17 - Missing Authorization to Unauthenticated Database Export |
| CVE-2024-12296 | Apus Framework <= 2.3 - Authenticated (Subscriber+) Arbitrary Options Update in import_page_options |
| CVE-2024-12300 | AR for WordPress <= 7.3 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2024-12316 | Jupiter X Core <= 4.8.5 - Missing Authorization to Unauthenticated Popup Template Export |
| CVE-2024-12327 | LazyLoad Background Images <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-12331 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
| CVE-2024-12336 | WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensit... |
| CVE-2024-12341 | Custom Skins Contact Form 7 <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Update and Skin Crea... |
| CVE-2024-12349 | JFinalCMS save cross-site request forgery |
| CVE-2024-12365 | W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization to Server-Side Request Forgery |
| CVE-2024-12413 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization |
| CVE-2024-12427 | Multi Step Form <= 1.7.23 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2024-12431 | Missing Authorization in GitLab |
| CVE-2024-12535 | Host PHP Info <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Disclosure |
| CVE-2024-12542 | linkID <= 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2024-12544 | SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing... |
| CVE-2024-12553 | GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability |
| CVE-2024-12558 | WP BASE Booking of Appointments, Services and Events <= 4.9.2 - Missing Authorization to Authenticated (Subscriber+) Sensitiv... |
| CVE-2024-12559 | ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal |
| CVE-2024-12594 | ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-12596 | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) A... |
| CVE-2024-12606 | AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GP... |
| CVE-2024-12610 | School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-12611 | School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting |
| CVE-2024-12616 | Bitly's WordPress Plugin <= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-12617 | WC Price History for Omnibus <= 2.1.3 - Missing Authorization |
| CVE-2024-12618 | Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset |
| CVE-2024-12620 | AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations <= 1.4.23 - Missing Authorization to Unauthentic... |
| CVE-2024-12711 | RSVP and Event Management <= 2.7.13 - Missing Authorization |
| CVE-2024-12712 | Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates |
| CVE-2024-12713 | SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Discl... |
| CVE-2024-12719 | WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal |
| CVE-2024-12781 | Aurum - WordPress & WooCommerce Shopping Theme <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Demo Content I... |
| CVE-2024-12810 | JobCareer \| Job Board Responsive WordPress Theme <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Multiple Admin... |
| CVE-2024-12821 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-12822 | Media Manager for UserPro <= 3.12.0 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2024-12825 | Custom Related Posts <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Private Post Search and Relation Updates |
| CVE-2024-12826 | GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2024-12848 | SKT Page Builder <= 4.6 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-12855 | AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Atta... |
| CVE-2024-12876 | Golo - Directory & Listing, Travel WordPress Theme <= 1.6.10 - Missing Authorization to Privilege Escalation via Unauthentica... |
| CVE-2024-12879 | WPBot Pro Wordpress Chatbot <= 13.5.5 - Missing Authorization to Authenticated (Subscriber+) Simple Text Response Creation |
| CVE-2024-12881 | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-12920 | FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions |
| CVE-2023-5905 | DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export |
| CVE-2024-12201 | Hash Form <= 1.2.1 - Missing Authorization to Authenticated (Contributor+) Form Style Creation |
| CVE-2024-12202 | Croma Music <= 3.6 - Authenticated (Subscriber+) Arbitrary Options Update in ironMusic_ajax |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization |
| CVE-2024-12210 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion |
| CVE-2024-12244 | Missing Authorization in GitLab |
| CVE-2024-12249 | GS Insever Portfolio <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) CSS Injection |
| CVE-2024-12253 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-12955 | PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery |
| CVE-2024-13060 | Improper Authorization in mintplex-labs/anything-llm |
| CVE-2024-1307 | Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control |
| CVE-2024-13203 | kurniaramadhan E-Commerce-PHP cross-site request forgery |
| CVE-2024-13231 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update |
| CVE-2024-13232 | WordPress Awesome Import & Export Plugin - Import & Export WordPress Data <= 4.1.1 - Missing Authorization to Authenticated (... |
| CVE-2024-13243 | Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007 |
| CVE-2024-13303 | Download All Files - Critical - Access bypass - SA-CONTRIB-2024-069 |
| CVE-2023-5949 | SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure |
| CVE-2024-13307 | Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite... |
| CVE-2024-13312 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 |
| CVE-2024-13316 | Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation |
| CVE-2024-13335 | Sastra Essential Addons for Elementor – Free Elementor Addons, Widgets and Templates <= 1.0.14 - Missing Authorization to Spe... |
| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authentic... |
| CVE-2024-13361 | AI Power: Complete AI Pack <= 1.8.96 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2024-13364 | Raptive Ads <= 3.6.3 - Missing Authorization to Unauthenticated Data/Settings Reset |
| CVE-2024-13367 | Sandbox <= 0.4 - Missing Authorization to Authenticated (Subscriber+) Sandbox Download |
| CVE-2024-13368 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.1 - Missing Authorizati... |
| CVE-2024-13370 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.2 - Missing Authorizati... |
| CVE-2024-13371 | WP Job Portal <= 2.2.6 - Missing Authorization to Unauthenticated Arbitrary Email Sending |
| CVE-2024-13374 | WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disc... |
| CVE-2024-13412 | CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler |
| CVE-2024-13415 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-13637 | Demo Awesome <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Plugin Activation |
| CVE-2024-13419 | Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-13423 | Sparkling <= 2.4.9 - Missing Authorization to Unauthenticated Arbitrary Plugin Activation/Deactivation |
| CVE-2024-13424 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update |
| CVE-2024-13439 | Team – Team Members Showcase Plugin <= 4.4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13447 | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval |
| CVE-2024-13449 | Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2024-13468 | Trash Duplicate and 301 Redirect <= 1.9 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-1350 | WordPress Honeypot for WP Comment plugin <= 2.2.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-13513 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation |
| CVE-2024-13520 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.6 - Missing Authorization to Unauthenticated Price, Da... |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event At... |
| CVE-2024-13529 | SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download |
| CVE-2024-13530 | Custom Login Page Styler <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Log Deletion and Session Termination |
| CVE-2024-13639 | Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion |
| CVE-2024-13643 | Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification |
| CVE-2024-13541 | aDirectory – WordPress Directory Listing Plugin <= 2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post... |
| CVE-2024-13554 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation |
| CVE-2024-13556 | Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated I... |
| CVE-2024-13719 | PeproDev Ultimate Invoice <= 2.0.8 - Insecure Direct Object Reference to Unauthenticated Order Information Exposure |
| CVE-2024-13737 | Motors – Car Dealer, Classifieds & Listing <= 1.4.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post De... |
| CVE-2024-13746 | Booking Calendar and Notification <= 4.0.3 - Missing Authorization via wpcb_all_bookings, wpcb_update_booking_post, and wpcb_... |
| CVE-2024-13747 | WooMail - WooCommerce Email Customizer <= 3.0.34 - Authenticated (Subscriber+) Missing Authorization to SQL Injection |
| CVE-2024-13752 | WP Project Manager <= 2.6.17 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-13767 | Live2DWebCanvas <= 1.9.11 - Authenticated (Subscriber+) Arbitrary File Deletion |
| CVE-2024-13769 | Puzzles \| WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Missing Authorization to Authenticated (Subscriber... |
| CVE-2024-13775 | WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and... |
| CVE-2024-13776 | ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited... |
| CVE-2024-13780 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary... |
| CVE-2024-13651 | RapidLoad – Optimize Web Vitals Automatically <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Limited Setting... |
| CVE-2024-13652 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-13653 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Opt... |
| CVE-2024-13654 | ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Opt... |
| CVE-2024-13655 | Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option D... |
| CVE-2024-13656 | Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrar... |
| CVE-2024-13677 | GetBookingsWp - Appointments & Bookings Plugin Basic Version <= 1.1.27 - Authenticated (Subscriber+) Privilege Escalation via... |
| CVE-2024-13686 | VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2024-13687 | Team Builder – Meet the Team <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13698 | Jobify - Job Board WordPress Theme <= 4.2.7 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary... |
| CVE-2024-13703 | CRM and Lead Management by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Widget Toggle |
| CVE-2024-13715 | zStore Manager Basic <= 3.311 - Missing Authorization to Authenticated (Subscriber+) Cache Clearing |
| CVE-2024-13716 | Forex Calculators <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-13717 | Contact Form and Calls To Action by vcita <= 2.7.1 - Missing Authorization to Authenticated (Subscriber+) Contact/Widget Togg... |
| CVE-2024-20413 | Cisco NX-OS Bash Privilege Escalation Vulnerability |
| CVE-2024-20442 | Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability |
| CVE-2024-20477 | Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Endpoint Vulnerability |
| CVE-2024-21748 | WordPress Icegram Engage plugin <= 3.1.21 - Broken Access Control vulnerability |
| CVE-2024-13783 | FormCraft <= 3.9.11 - Missing Authorization to Plugin Data Export in formcraft-main.php |
| CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Upd... |
| CVE-2024-13801 | BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-13810 | Zass - WooCommerce Theme for Handmade Artists and Artisans <= 3.9.9.10 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-13811 | Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-13816 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.3.6 - Missing Authorization to Authenticated (Subscriber+) Mu... |
| CVE-2024-13994 | Nagios XI < 2024R1.1.2 Allow Insecure Logins Missing Authorization |
| CVE-2024-1438 | WordPress Rolo Slider plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2024-1539 | Missing Authorization in GitLab |
| CVE-2024-1662 | Information Disclosure in Porty's PowerBank |
| CVE-2024-1744 | IDOR in Ariva Computer's Accord ORS |
| CVE-2024-1798 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml |
| CVE-2024-1804 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml |
| CVE-2024-2035 | Improper Authorization in zenml-io/zenml |
| CVE-2024-20355 | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Secur... |
| CVE-2024-21417 | Windows Text Services Framework Elevation of Privilege Vulnerability |
| CVE-2024-21630 | Zulip non-admins can invite new users to streams they would not otherwise be able to add existing users to |
| CVE-2024-12922 | Altair <= 5.2.4 - Unauthenticated Arbitrary Options Update via pp_import_current |
| CVE-2024-22151 | WordPress Import and export users and customers plugin <= 1.24.6 - Broken Access Control vulnerability |
| CVE-2024-22156 | WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-22296 | WordPress 12 Step Meeting List plugin <= 3.14.28 - Broken Access Control vulnerability |
| CVE-2024-22298 | WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability |
| CVE-2024-2292 | Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data |
| CVE-2024-23503 | WordPress Ninja Tables plugin <= 5.0.6 - Broken Access Control vulnerability |
| CVE-2024-23504 | WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2024-23518 | WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2024-23520 | WordPress PopupAlly plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-23521 | WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability |
| CVE-2024-23524 | WordPress PilotPress plugin <= 2.0.30 - Broken Access Control vulnerability |
| CVE-2024-23944 | Apache ZooKeeper: Information disclosure in persistent watcher handling |
| CVE-2024-24703 | WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability |
| CVE-2024-24704 | WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability |
| CVE-2024-24710 | WordPress Feed Them Social plugin <= 4.2.0 - Broken Access Control vulnerability |
| CVE-2024-24711 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2024-24716 | WordPress Awesome Support plugin <= 6.1.6 - Broken Access Control vulnerability |
| CVE-2024-24718 | WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability |
| CVE-2024-24719 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability |
| CVE-2024-24739 | Missing authorization check in SAP BAM (Bank Account Management) |
| CVE-2024-24741 | Missing Authorization check in SAP Master Data Governance Material |
| CVE-2024-24799 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2024-24805 | WordPress WP Dummy Content Generator plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-24822 | Pimcore Admin Classic Bundle permissions are not getting checked when working with tags |
| CVE-2024-24832 | WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability |
| CVE-2024-24833 | WordPress Happy Addons for Elementor plugin <= 3.10.1 - Broken Access Control on Post Clone vulnerability |
| CVE-2024-24835 | WordPress BEAR plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2024-24840 | WordPress Element Pack Elementor Addons plugin <= 5.4.11 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-24850 | WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability |
| CVE-2024-24883 | WordPress Prime Slider plugin <= 3.11.10 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-2508 | WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification |
| CVE-2024-25092 | WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability |
| CVE-2024-25643 | Missing authorization check in SAP Fiori app (My Overtime Requests) |
| CVE-2024-21751 | WordPress RabbitLoader plugin <= 2.19.13 - Broken Access Control vulnerability |
| CVE-2024-25907 | WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability |
| CVE-2024-25908 | WordPress WP Media folder plugin <= 5.7.2 - Subscriber+ Arbitrary Post/Page Modification vulnerability |
| CVE-2024-25911 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-25912 | WordPress MoveTo plugin <= 6.2 - Unauthenticated Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-25922 | WordPress Peach Payments Gateway plugin <= 3.1.9 - Broken Access Control vulnerability |
| CVE-2024-25929 | WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability |
| CVE-2024-25935 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability |
| CVE-2024-26138 | License information is public, exposing instance id and license holder details |
| CVE-2024-2702 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-27190 | WordPress Download Media plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-27900 | Missing Authorization check in SAP ABAP Platform |
| CVE-2024-27906 | Apache Airflow: Dag Code and Import Error Permissions Ignored |
| CVE-2024-27910 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer witho... |
| CVE-2024-27911 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator... |
| CVE-2024-27939 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arb... |
| CVE-2024-27950 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control |
| CVE-2024-27953 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control |
| CVE-2024-27970 | WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-30459 | WordPress AI WP Writer plugin <= 3.6.5 - Broken Access Control vulnerability |
| CVE-2024-28003 | WordPress Max Mega Menu plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-28004 | WordPress Colibri Page Builder plugin <= 1.0.248 - Broken Access Control vulnerability |
| CVE-2024-28167 | Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data) |
| CVE-2024-28215 | nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could... |
| CVE-2024-28216 | nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could... |
| CVE-2024-2882 | Missing Authorization in SDG Technologies PnPSCADA |
| CVE-2024-2906 | WordPress Radio Player plugin <= 2.0.73 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-29228 | Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and... |
| CVE-2024-29229 | Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 an... |
| CVE-2024-29240 | Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.... |
| CVE-2024-29241 | Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-1... |
| CVE-2024-30216 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30217 | Missing Authorization check in SAP S/4 HANA (Cash Management) |
| CVE-2024-30234 | WordPress WholesaleX plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-30235 | WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2024-30505 | WordPress Church Admin plugin <= 4.1.18 - Broken Access Control vulnerability |
| CVE-2024-30508 | WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability |
| CVE-2024-30463 | WordPress BEAR plugin <= 1.1.4.3 - Broken Access Control vulnerability |
| CVE-2024-30512 | WordPress weForms plugin <= 1.6.20 - Broken Access Control vulnerability |
| CVE-2024-30515 | WordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerability |
| CVE-2024-30517 | WordPress Sliced Invoices plugin <= 3.9.2 - Broken Access Control vulnerability |
| CVE-2024-30525 | WordPress Move Addons for Elementor plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2024-30528 | WordPress Spiffy Calendar plugin <= 4.9.10 - Broken Access Control vulnerability |
| CVE-2024-30529 | WordPress Tainacan plugin <= 0.20.7 - Broken Access Control vulnerability |
| CVE-2024-30534 | WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability |
| CVE-2024-30537 | WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2024-30538 | WordPress DELUCKS SEO plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-30539 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2024-30544 | WordPress Whizzy plugin <= 1.1.18 - Broken Access Control vulnerability |
| CVE-2024-31098 | WordPress New Order Notification for Woocommerce plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2024-31099 | WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability |
| CVE-2024-3115 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-31230 | WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability |
| CVE-2024-31242 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability |
| CVE-2024-31243 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Setting Deletion vulnerability |
| CVE-2024-31244 | WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary WordPress Settings Change vulnerability |
| CVE-2024-31246 | WordPress Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulner... |
| CVE-2024-31248 | WordPress All-in-One Video Gallery plugin <= 3.5.2 - Broken Access Control vulnerability |
| CVE-2024-31252 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability |
| CVE-2024-31261 | WordPress Announcer – Notification & message bars plugin <= 6.0 - Broken Access Control vulnerability |
| CVE-2024-31267 | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2024-31270 | WordPress ARForms Form Builder plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2024-31273 | WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-31274 | WordPress EmbedPress plugin <= 3.9.11 - Broken Access Control vulnerability |
| CVE-2024-31275 | WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability |
| CVE-2024-31276 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2024-31281 | WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability |
| CVE-2024-31283 | WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2024-31284 | WordPress EmbedPress plugin <= 3.9.8 - Broken Access Control vulnerability |
| CVE-2024-31294 | WordPress WP Sort Order plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-31297 | WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability |
| CVE-2024-31304 | WordPress MultiVendorX Marketplace <= 4.1.3 - Broken Access Control vulnerability |
| CVE-2024-31307 | WordPress Easy Social Share Buttons plugin <= 9.4 - Multiple Broken Access Control vulnerability |
| CVE-2024-31342 | WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability |
| CVE-2024-31343 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10.1 - Arbitrary File Download vulnerability |
| CVE-2024-31347 | WordPress Tracking Code Manager plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-31350 | WordPress AWP Classifieds plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2024-31352 | WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability |
| CVE-2024-31358 | WordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerability |
| CVE-2024-31359 | WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability |
| CVE-2024-31366 | WordPress Post Type Builder (PTB) plugin <= 2.0.8 - Auth. Arbitrary Post/Page Creation vulnerability |
| CVE-2024-31367 | WordPress Soledad theme <= 8.4.2 - Authenticated Broken Access Control vulnerability |
| CVE-2024-31368 | WordPress Soledad theme <= 8.4.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-31375 | WordPress WP2LEADS plugin <= 3.2.7 - Broken Access Control vulnerability |
| CVE-2024-31421 | WordPress Popup by Supsystic plugin <= 1.10.27 - Broken Access Control vulnerability |
| CVE-2024-31423 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.5 - Broken Access Control vulnerability |
| CVE-2024-31432 | WordPress Restrict Content plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2024-31981 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass |
| CVE-2024-31983 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations |
| CVE-2024-31987 | XWiki Platform remote code execution from account via custom skins support |
| CVE-2024-31997 | XWiki Platform remote code execution from account through UIExtension parameters |
| CVE-2024-32081 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability |
| CVE-2024-32142 | WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-32143 | WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability |
| CVE-2024-32144 | WordPress Welcart e-Commerce plugin <= 2.9.14 - Broken Access Control vulnerability |
| CVE-2024-32146 | WordPress Aspose.Words – Import and Export word documents plugin <= 6.3.1 - Broken Access Control vulnerability |
| CVE-2024-32148 | WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-32432 | WordPress Ovic Addon Toolkit plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-32455 | WordPress Fatal Error Notify plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2024-32466 | Tolgee's API key scopes not checked when querying translation data |
| CVE-2024-32509 | WordPress WP Cost Estimation & Payment Forms Builder plugin <= 10.1.76 - Broken Access Control vulnerability |
| CVE-2024-32515 | WordPress Mega Addons For Elementor plugin <= 1.8 - Broken Access Control vulnerability |
| CVE-2024-32516 | WordPress Multi Currency For WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2024-32517 | WordPress Custom Thank You Page Customize For WooCommerce by Binary Carpenter plugin <= 1.4.12 - Broken Access Control vulner... |
| CVE-2024-32518 | WordPress PeproDev Ultimate Invoice plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-32519 | WordPress GG Woo Feed for WooCommerce plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-32520 | WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability |
| CVE-2024-32522 | WordPress Open Close WooCommerce Store plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2024-32524 | WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2024-32525 | WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability |
| CVE-2024-32532 | WordPress Speed Optimizer plugin <= 7.4.6 - Broken Access Control vulnerability |
| CVE-2024-32589 | WordPress Barcode Scanner and Inventory manager plugin <= 1.5.3 - Broken Access Control to XSS vulnerability |
| CVE-2024-32601 | WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2024-32656 | Ant Media Server vulnerable to local privilege escalation |
| CVE-2024-32675 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-32677 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability |
| CVE-2024-32678 | WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability |
| CVE-2024-32679 | WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability |
| CVE-2024-32681 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-32682 | WordPress Prime Slider plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-32684 | WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability |
| CVE-2024-32687 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability |
| CVE-2024-32688 | WordPress MyRewards plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-32689 | WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability |
| CVE-2024-32691 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability |
| CVE-2024-32692 | WordPress Chauffeur Taxi Booking System for WordPress plugin <= 6.9 - Broken Authentication vulnerability |
| CVE-2024-32701 | WordPress InstaWP Connect plugin <= 0.1.0.24 - Broken Access Control vulnerability |
| CVE-2024-32703 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary File Deletion vulnerability |
| CVE-2024-32704 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary WordPress Options Removal vulnerability |
| CVE-2024-32705 | WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability |
| CVE-2024-32712 | WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability |
| CVE-2024-32713 | WordPress AI Post Generator \| AutoWriter plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2024-32714 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control vulnerability |
| CVE-2024-32715 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Arbitrary File Download vulnerability |
| CVE-2024-32717 | WordPress SchedulePress plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-32719 | WordPress WP Club Manager plugin <= 2.2.11 - Broken Access Control vulnerability |
| CVE-2024-32724 | WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnera... |
| CVE-2024-32725 | WordPress 5 Stars Rating Funnel plugin 1.2.67 - Broken Access Control vulnerability |
| CVE-2024-32727 | WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-32730 | Missing authorization check in SAP Enable Now Manager |
| CVE-2024-32731 | Missing Authorization check in SAP My Travel Requests |
| CVE-2024-32776 | WordPress AppPresser plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2024-32948 | WordPress ARMember – Membership Plugin plugin <= 4.0.28 - Broken Access Control vulnerability |
| CVE-2024-32951 | WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability |
| CVE-2024-32957 | WordPress Page Builder: Live Composer plugin <= 1.5.38 - Broken Access Control vulnerability |
| CVE-2024-33000 | Missing Authorization check in SAP Bank Account Management |
| CVE-2024-33005 | Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java), SAP Web Dispatcher and SAP Content Server |
| CVE-2024-3305 | IDOR in Utarit Information's SoliClub |
| CVE-2024-33543 | WordPress WP Time Slots Booking Form plugin <= 1.2.06 - Broken Access Control vulnerability |
| CVE-2024-33545 | WordPress WZone plugin <= 14.0.10 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-33547 | WordPress WZone plugin <= 14.0.10 - Site Wide Broken Access Control vulnerability |
| CVE-2024-33555 | WordPress XStore Core plugin <= 5.3.8 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2024-33558 | WordPress XStore Core plugin <= 5.3.5 - Limited Arbitrary File Download vulnerability |
| CVE-2024-33561 | WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-33563 | WordPress XStore theme <= 9.3.8 - Broken Access Control vulnerability |
| CVE-2024-33564 | WordPress XStore theme <= 9.3.8 - Arbitrary Option Update vulnerability |
| CVE-2024-33565 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Broken Access Control vulnerabilit... |
| CVE-2024-33566 | WordPress OrderConvo plugin <= 12.4 - Unauthenticated API Access to Arbitrary File Upload vulnerability |
| CVE-2024-33570 | WordPress MetForm plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2024-33572 | WordPress The Plus Blocks for Block Editor \| Gutenberg plugin <= 3.2.5 - Broken Access Control vulnerability |
| CVE-2024-33573 | WordPress EPROLO Dropshipping plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-33574 | WordPress Vitepos plugin <= 3.0.1 - Broken Access Control vulnerability |
| CVE-2024-33576 | WordPress WPPizza plugin <= 3.18.10 - Broken Access Control vulnerability |
| CVE-2024-33585 | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability |
| CVE-2024-33586 | WordPress Photo Gallery by 10Web plugin <= 1.8.20 - Broken Access Control vulnerability |
| CVE-2024-33587 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2024-33588 | WordPress basepress plugin <= 2.16.1 - Broken Access Control vulnerability |
| CVE-2024-33589 | WordPress KB Support plugin <= 1.6.0 - Broken Access Control vulnerability |
| CVE-2024-33591 | WordPress Easy Accept Payments for PayPal plugin <= 4.9.10 - Broken Access Control vulnerability |
| CVE-2024-33593 | WordPress Smart Forms plugin <= 2.6.91 - Broken Access Control vulnerability |
| CVE-2024-33594 | WordPress Leaky Paywall plugin <= 4.20.8 - Price Manipulation vulnerability |
| CVE-2024-33595 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on Duplicate Post vulnerability |
| CVE-2024-33596 | WordPress Five Star Restaurant Reservations plugin <= 2.6.16 - Broken Access Control vulnerability |
| CVE-2024-33597 | WordPress SSU plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2024-33635 | WordPress Piotnet Addons For Elementor Pro plugin <= 7.1.17 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2024-33636 | WordPress WP Page Post Widget Clone plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-33652 | WordPress Client Dash plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2024-33684 | WordPress Save as PDF plugin by Pdfcrowd plugin <= 3.2.0 - Broken Access Control to Stored XSS vulnerability |
| CVE-2024-33686 | Broken Access Control vulnerability affecting multiple WordPress themes by Extend Themes |
| CVE-2024-33907 | WordPress Print My Blog plugin <= 3.26.2 - Broken Access Control vulnerability |
| CVE-2024-33908 | WordPress WidgetKit plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2024-33910 | WordPress Digital Publications by Supsystic plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2024-33912 | WordPress Academy LMS plugin <= 1.9.16 - Broken Access Control on Paid Courses vulnerability |
| CVE-2024-33914 | WordPress Exclusive Addons for Elementor plugin <= 2.6.9.1 - Broken Access Control on Post Duplication vulnerability |
| CVE-2024-33915 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-33919 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-33920 | WordPress Democracy Poll plugin <= 6.0.3 - Broken Access Control vulnerability |
| CVE-2024-33923 | WordPress SP Project & Document Manager plugin <= 4.69 - Broken Access Control vulnerability |
| CVE-2024-33925 | WordPress Embed Google Fonts plugin <= 3.1.0 - Broken Access Control vulnerability |
| CVE-2024-33929 | WordPress Directorist plugin <= 7.8.6 - Broken Access Control vulnerability |
| CVE-2024-33931 | WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2024-33937 | WordPress Progressive WordPress (PWA) plugin <= 2.1.13 - Broken Access Control vulnerability |
| CVE-2024-33938 | WordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerability |
| CVE-2024-33941 | WordPress iPanorama 360 plugin <= 1.8.1 - Broken Access Control vulnerability |
| CVE-2024-33942 | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-33944 | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerabilit... |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-34371 | WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability |
| CVE-2024-34372 | WordPress Post Grid Master plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2024-34377 | WordPress Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2024-34378 | WordPress LeadConnector plugin <= 1.7 - API Broken Access Control vulnerability |
| CVE-2024-34387 | WordPress WP Post Author plugin <= 3.6.4 - Rating Value Manipulation vulnerability |
| CVE-2024-34389 | WordPress WP Post Author plugin <= 3.6.4 - Broken Access Control vulnerability |
| CVE-2024-34435 | WordPress Aiomatic plugin <= 1.9.3 - Broken Access Control vulnerability |
| CVE-2024-34442 | WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2024-34444 | WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-11133 | Eventer <= 3.9.9 - Missing Authorization to Unauthenticated Event Ticket Download |
| CVE-2024-11134 | Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export |
| CVE-2024-35168 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2024-35174 | WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability |
| CVE-2024-35237 | MIT IdentiBot User-Kerberos Mapping Publicly Available |
| CVE-2024-35628 | WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability |
| CVE-2024-35660 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability |
| CVE-2024-35661 | WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-35662 | WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2024-35663 | WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-35665 | WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2024-35667 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability |
| CVE-2024-35669 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-35671 | WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-35672 | WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability |
| CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability |
| CVE-2024-35683 | WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability |
| CVE-2024-35685 | WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability |
| CVE-2024-35686 | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability |
| CVE-2024-35692 | WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability |
| CVE-2024-35716 | WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2024-35717 | WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-35720 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2024-35721 | WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2024-35722 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2024-35723 | WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2024-35724 | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2024-35725 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2024-35726 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability |
| CVE-2024-35727 | WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability |
| CVE-2024-35729 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability |
| CVE-2024-35735 | WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability |
| CVE-2024-35741 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability |
| CVE-2024-35742 | WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability |
| CVE-2024-35748 | WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability |
| CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators |
| CVE-2024-36246 | Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code ma... |
| CVE-2024-36326 | Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a stan... |
| CVE-2024-36995 | Low-privileged user could create experimental items |
| CVE-2024-37094 | WordPress MasterStudy LMS plugin <= 3.2.12 - Broken Access Control vulnerability |
| CVE-2024-37095 | WordPress Envira Photo Gallery plugin <= 1.8.7.3 - CSRF leading to notice dismissal vulnerability |
| CVE-2024-37096 | WordPress Popup box plugin <= 4.5.1 - Broken Access Control vulnerability |
| CVE-2024-37106 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Plugin Settings Change Leading to Stored XSS vulnerability |
| CVE-2024-37111 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Denial of Service Attack vulnerability |
| CVE-2024-37119 | WordPress Uncanny Automator Pro plugin < 5.3.0.1 - Unauthenticated License Settings Reset vulnerability |
| CVE-2024-37123 | WordPress Ibtana – WordPress Website Builder plugin <= 1.2.3.3 - Broken Access Control vulnerability |
| CVE-2024-37172 | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| CVE-2024-37175 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-37176 | Missing Authorization check in SAP BW/4HANA Transformation and DTP |
| CVE-2024-37201 | WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability |
| CVE-2024-37202 | WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Co... |
| CVE-2024-37203 | WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability |
| CVE-2024-37204 | WordPress PropertyHive plugin <= 2.0.9 - Broken Access Control vulnerability |
| CVE-2024-37207 | WordPress Demo Awesome plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-37209 | WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-37214 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - Broken Access Control to XSS vulnerability |
| CVE-2024-37218 | WordPress Page Builder Sandwich <= 5.1.0 - Broken Access Control vulnerability |
| CVE-2024-37220 | WordPress Optinly plugin <= 1.0.18 - Broken Access Control vulnerability |
| CVE-2024-37226 | WordPress Kanban Boards for WordPress plugin <= 2.5.21 - Broken Access Control vulnerability |
| CVE-2024-37232 | WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability |
| CVE-2024-37249 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability |
| CVE-2024-37250 | WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability |
| CVE-2024-30464 | WordPress Social Icons Widget & Block by WPZOOM plugin <= 4.2.15 - Broken Access Control vulnerability |
| CVE-2024-30465 | WordPress PageLayer plugin <= 1.8.1 - Broken Access Control vulnerability |
| CVE-2024-30466 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.4 - Broken Access Control vulnerability |
| CVE-2024-30467 | WordPress Essential Blocks plugin <= 4.4.9 - Broken Access Control vulnerability |
| CVE-2024-30470 | WordPress YITH WooCommerce Account Funds Premium plugin <= 1.32.0 - Broken Access Control vulnerability |
| CVE-2024-30477 | WordPress Klarna Payments for WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2024-30484 | WordPress RT Easy Builder plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2024-30485 | WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability |
| CVE-2024-30487 | WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 5.1 - Broken Access Control vulnerability |
| CVE-2024-37411 | WordPress Progress Planner plugin <= 0.9.1 - Broken Access Control vulnerability |
| CVE-2024-37415 | WordPress E2Pdf plugin <= 1.20.27 - Broken Access Control vulnerability |
| CVE-2024-37425 | WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2024-37427 | WordPress Timetics plugin <= 1.0.21 - Broken Access Control vulnerability |
| CVE-2024-37439 | WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Subscriber+ Arbitrary Post/Page Duplication vulnerability |
| CVE-2024-37440 | WordPress Church Admin plugin <= 4.4.4 - Broken Access Control vulnerability |
| CVE-2024-37443 | WordPress WP Job Manager plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-37444 | WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability |
| CVE-2024-37453 | WordPress ProfileGrid – User Profiles, Groups and Communities plugin <= 5.8.7 - Broken Access Control vulnerability |
| CVE-2024-37456 | WordPress Simple Newsletter Plugin – Noptin plugin <= 3.4.2 - Broken Access Control vulnerability |
| CVE-2024-37463 | WordPress CRM Perks Forms plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2024-37468 | WordPress Newsmatic theme <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2024-37470 | WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37475 | WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability |
| CVE-2024-37477 | WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability |
| CVE-2024-37481 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37482 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37483 | WordPress The Post Grid plugin <= 7.7.4 - Broken Access Control vulnerability |
| CVE-2024-37505 | WordPress Business One Page theme <= 1.2.9 - Broken Access Control on Notice Dismissal vulnerability |
| CVE-2024-37506 | WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability |
| CVE-2024-37510 | WordPress Donation Forms by Charitable plugin <= 1.8.1.7 - Broken Access Control vulnerability |
| CVE-2024-37516 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.2 - Broken Access Control vulnerability |
| CVE-2024-37517 | WordPress Spectra plugin <= 2.13.7 - Broken Access Control vulnerability |
| CVE-2024-37542 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2024-37544 | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability |
| CVE-2024-3761 | Missing Authorization on Delete Datasets in lunary-ai/lunary |
| CVE-2024-37898 | XWiki Platform vulnerable to document deletion and overwrite from edit |
| CVE-2024-37901 | XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet |
| CVE-2024-37903 | Mastodon has improper authorship check on audience extension for existing posts |
| CVE-2024-37921 | WordPress Chained Quiz plugin <= 1.3.2.8 - Broken Access Control vulnerability |
| CVE-2024-37926 | WordPress WP Accessibility Helper (WAH) plugin <= 0.6.2.9 - Broken Access Control vulnerability |
| CVE-2024-37929 | WordPress User Activity Log Pro plugin <= 2.3.4 - Subscriber+ Multiple Broken Access Control vulnerability |
| CVE-2024-37930 | WordPress SmartMag theme <= 9.3.0 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-37935 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability |
| CVE-2024-38002 | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 thro... |
| CVE-2024-38179 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability |
| CVE-2024-38190 | Power Platform Information Disclosure Vulnerability |
| CVE-2024-38353 | CodiMD - Missing Image Access Controls and Unauthorized Image Access |
| CVE-2024-38690 | WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability |
| CVE-2024-38695 | WordPress WP GoToWebinar plugin <= 15.6 - Broken Access Control vulnerability |
| CVE-2024-38699 | WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability |
| CVE-2024-38702 | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2024-38707 | WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability |
| CVE-2024-38714 | WordPress WP Fast Total Search <= 1.68.232 - Broken Access Control vulnerability |
| CVE-2024-38719 | WordPress Auto Featured Image plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2024-38721 | WordPress EazyDocs plugin <= 2.5.0 - Broken Access Control vulnerability |
| CVE-2024-38726 | WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability |
| CVE-2024-38727 | WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerability |
| CVE-2024-38733 | WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability |
| CVE-2024-38737 | WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability |
| CVE-2024-38740 | WordPress Packlink PRO shipping module plugin <= 3.4.6 - Broken Access Control vulnerability |
| CVE-2024-38743 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2024-38744 | WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability |
| CVE-2024-38745 | WordPress Wholesale Suite plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2024-38748 | WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability |
| CVE-2024-38769 | WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability |
| CVE-2024-38771 | WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability |
| CVE-2024-38774 | WordPress Security Optimizer plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2024-38777 | WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerability |
| CVE-2024-38783 | WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability |
| CVE-2024-38792 | WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability |
| CVE-2024-38794 | WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery |
| CVE-2024-39546 | Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation |
| CVE-2024-39591 | Missing Authorization check in SAP Document Builder |
| CVE-2024-39592 | [CVE-2024-39592] Missing Authorization check in SAP PDCE |
| CVE-2024-39596 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now |
| CVE-2024-39625 | WordPress Icegram Engage plugin <= 3.1.24 - Unauthenticated Message Duplication Vulnerability |
| CVE-2024-39635 | WordPress Youzify plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-39640 | WordPress Social Feed Gallery plugin <= 4.3.9 - Broken Access Control vulnerability |
| CVE-2024-39650 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Multiple Vulnerabilities |
| CVE-2024-39654 | WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability |
| CVE-2024-39664 | WordPress Filter & Grids plugin <= 2.8.32 - Broken Authentication vulnerability |
| CVE-2024-3976 | Missing Authorization in GitLab |
| CVE-2024-39823 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-39824 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-4138 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-37254 | WordPress WP File Manager plugin <= 7.2.7 - Broken Access Control vulnerability |
| CVE-2024-37255 | WordPress ElementsKit Lite plugin <= 3.1.4 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37269 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37276 | WordPress Featured Image from URL (FIFU) plugin <= 4.8.1 - Broken Access Control vulnerability |
| CVE-2024-37296 | Aimeos HTML client vulnerable to digital products download without proper payment status check |
| CVE-2024-37363 | Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization |
| CVE-2024-41734 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2024-42035 | Permission control vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect... |
| CVE-2024-4233 | Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares |
| CVE-2024-42371 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-42372 | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) |
| CVE-2024-42373 | Missing Authorization Check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-42376 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework |
| CVE-2024-42377 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework |
| CVE-2024-42380 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-42434 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-42470 | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability |
| CVE-2024-4259 | Sensitive Data Exposure in SAMPAS's AKOS |
| CVE-2024-43118 | WordPress Hummingbird plugin <= 3.9.1 - Broken Access Control vulnerability |
| CVE-2024-43119 | WordPress Aruba HiSpeed Cache plugin <= 2.0.12 - Broken Access Control vulnerability |
| CVE-2024-43120 | WordPress TypeSquare Webfonts plugin <= 2.0.7 - Broken Access Control vulnerability |
| CVE-2024-43122 | WordPress Robin image optimizer plugin <= 1.6.9 - Broken Access Control vulnerability |
| CVE-2024-43134 | WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2024-43136 | WordPress Sunshine Photo Cart plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2024-43142 | WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability |
| CVE-2024-43143 | WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability |
| CVE-2024-43146 | WordPress Accelerated Mobile Pages plugin <= 1.0.96.1 - Broken Access Control vulnerability |
| CVE-2024-43154 | WordPress Advanced Cron Manager – debug & control plugin <= 2.5.9 - Broken Access Control vulnerability |
| CVE-2024-43157 | WordPress FormCraft plugin <= 1.2.10 - Broken Access Control vulnerability |
| CVE-2024-43158 | WordPress Masteriyo LMS plugin <= 1.11.4 - Broken Access Control vulnerability |
| CVE-2024-43159 | WordPress Masteriyo LMS plugin <= 1.11.6 - Broken Access Control vulnerability |
| CVE-2024-43162 | WordPress Easy Digital Downloads plugin <= 3.2.12 - Broken Access Control vulnerability |
| CVE-2024-4317 | PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks |
| CVE-2024-43208 | WordPress Send Emails with Mandrill plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-43209 | WordPress Bitly's WordPress Plugin plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2024-43212 | WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2024-43214 | WordPress myCred plugin <= 2.7.2 - Sensitive Data Exposure via BAC vulnerability |
| CVE-2024-43215 | WordPress Social Slider Feed plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2024-43219 | WordPress Persian WooCommerce plugin <= 7.1.6 - Broken Access Control vulnerability |
| CVE-2024-43222 | WordPress Sweet Date - More than a Wordpress Dating Theme theme <= 3.7.3 - Privilege Escalation vulnerability |
| CVE-2024-43223 | WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability |
| CVE-2024-43229 | WordPress WP Search Analytics plugin <= 1.4.9 - Broken Access Control vulnerability |
| CVE-2024-43235 | WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability |
| CVE-2024-43247 | WordPress WHMpress plugin <= 6.2-revision-5 - Subscriber+ Arbitrary Settings Change vulnerability |
| CVE-2024-43253 | WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2024-43254 | WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability |
| CVE-2024-43256 | WordPress Leopard plugin <= 2.0.36 - Subscriber+ Plugin Settings Change vulnerability |
| CVE-2024-43260 | WordPress Clearfy Cache plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2024-43268 | WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability |
| CVE-2024-43270 | WordPress Backup and Restore WordPress plugin <= 1.50 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-43273 | WordPress Icegram Collect plugin <= 1.3.14 - Broken Access Control vulnerability |
| CVE-2024-43274 | WordPress JS Help Desk – The Ultimate Help Desk plugin <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2024-43277 | WordPress UsersWP plugin <= 1.2.15 - Broken Access Control vulnerability |
| CVE-2024-43285 | WordPress Presto Player plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2024-43290 | WordPress Atarim plugin <= 4.0.1 - Broken Access Control vulnerability |
| CVE-2024-43293 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2024-43296 | WordPress HTML5 Video Player plugin <= 2.5.30 - Broken Access Control vulnerability |
| CVE-2024-32777 | WordPress BizPrint plugin <= 4.3.39 - Broken Access Control vulnerability |
| CVE-2024-32778 | WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability |
| CVE-2024-32779 | WordPress Vision – Image Map Builder plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-32783 | WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2024-32784 | WordPress CookieHub plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2024-32787 | WordPress Secure Copy Content Protection and Content Locking plugin <= 3.7.1 - Broken Access Control vulnerability |
| CVE-2024-32792 | WordPress Hummingbird plugin <= 3.7.3 - Broken Access Control vulnerability |
| CVE-2024-32797 | WordPress WP LinkedIn Auto Publish plugin <= 8.11 - Broken Access Control vulnerability |
| CVE-2024-32798 | WordPress WP Travel Engine plugin <= 5.8.0 - Price Manipulation vulnerability |
| CVE-2024-32799 | WordPress Easy Property Listings plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2024-32802 | WordPress Better Messages plugin <= 2.4.32 - Broken Authentication vulnerability |
| CVE-2024-32804 | WordPress WP GoToWebinar plugin <= 14.46 - Broken Access Control vulnerability |
| CVE-2024-32805 | WordPress Social Snap plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2024-32810 | WordPress ShortPixel Critical CSS plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-32813 | WordPress Integrate Google Drive plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-32814 | WordPress Advanced Local Pickup for WooCommerce plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2024-32818 | WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2024-32820 | WordPress Social Share Icons & Social Share Buttons plugin <= 3.6.2 - Broken Access Control lead to Notice Dismissal vulnerab... |
| CVE-2024-32821 | WordPress Total Poll Lite plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2024-32822 | WordPress Reviews Plus plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2024-32824 | WordPress Evergreen Content Poster plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-32826 | WordPress VK Block Patterns plugin <= 1.31.0 - Broken Access Control vulnerability |
| CVE-2024-32828 | WordPress Table Rate Shipping Method for WooCommerce by Flexible Shipping plugin <= 4.24.15 - Broken Access Control vulnerabi... |
| CVE-2024-32829 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.31 - Broken Access Control vulnerability |
| CVE-2024-32832 | WordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerability |
| CVE-2024-43355 | WordPress JoomSport plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2024-4341 | IDOR in ExtremePacs's Extreme XDS |
| CVE-2024-43662 | Authenticated arbitrary file upload to /tmp/ and /tmp/upload/ |
| CVE-2024-43919 | WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability |
| CVE-2024-43923 | WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2024-43924 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability |
| CVE-2024-43925 | WordPress Envira Gallery Lite plugin <= 1.8.14 - Broken Access Control vulnerability |
| CVE-2024-43928 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43929 | WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2024-43932 | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Broken Access Control vulnerability |
| CVE-2024-43937 | WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability |
| CVE-2024-43939 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Arbitrary Option Deletion vulnerability |
| CVE-2024-43940 | WordPress Z Y N I T H plugin <= 7.4.9 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-43956 | WordPress MemberPress plugin <= 1.11.34 - Broken Access Control vulnerability |
| CVE-2024-43962 | WordPress LWS Affiliation plugin <= 2.3.4 - Broken Access Control vulnerability |
| CVE-2024-43968 | WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability |
| CVE-2024-43973 | WordPress Payment forms, Buy now buttons and Invoicing System plugin <= 2.8.11 - Broken Access Control vulnerability |
| CVE-2024-43974 | WordPress ReviveNews theme <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2024-43979 | WordPress Blockbooster theme <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2024-43980 | WordPress FotaWP theme <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2024-43981 | WordPress GeoDirectory plugin <= 2.3.70 - Broken Access Control vulnerability |
| CVE-2024-43982 | WordPress Login As Users plugin <= 1.4.3 - Broken Access Control to Account Takeover vulnerability |
| CVE-2024-43998 | WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2024-44006 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.7 - Broken Access Control vulnerability |
| CVE-2024-44019 | WordPress Contact Form 7 Campaign Monitor Extension plugin <= 0.4.67 - Arbitrary File Deletion vulnerability |
| CVE-2024-44020 | WordPress WP Free SSL plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2024-44021 | WordPress Truepush plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2024-44031 | WordPress JoomSport plugin <= 5.6.3 - Broken Access Control vulnerability |
| CVE-2024-44038 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
| CVE-2024-44052 | WordPress HelloAsso plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2024-4410 | IgnitionDeck Crowdfunding Platform <= 1.9.8 - Missing Authorization |
| CVE-2024-44112 | Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) |
| CVE-2024-44113 | Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) |
| CVE-2024-44115 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-34690 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-34691 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) |
| CVE-2024-34753 | WordPress Radio Player plugin <= 2.0.73 - Broken Access Control vulnerability |
| CVE-2024-34758 | WordPress FundEngine – Donation and Crowdfunding Platform plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2024-34763 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability |
| CVE-2024-34768 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability |
| CVE-2024-34799 | WordPress BookingPress plugin <= 1.0.82 - Appointment Duration Manipulation vulnerability |
| CVE-2024-34802 | WordPress AdFoxly plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2024-34803 | WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability |
| CVE-2024-34804 | WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2024-34813 | WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability |
| CVE-2024-34815 | WordPress Import and export users and customers plugin <= 1.26.5 - Broken Access Control vulnerability |
| CVE-2024-34819 | WordPress MC Woocommerce Wishlist plugin <= 1.7.2 - Broken Access Control vulnerability |
| CVE-2024-34820 | WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-34821 | WordPress Contact List plugin <= 2.9.87 - Broken Access Control vulnerability |
| CVE-2024-34822 | WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability |
| CVE-2024-34824 | WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability |
| CVE-2024-34826 | WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2024-4520 | Improper Access Control in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-45284 | Missing authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-45285 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-45286 | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) |
| CVE-2024-45307 | SudoBot missing authorization check in `-config` command |
| CVE-2024-45393 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries |
| CVE-2024-45461 | Apache CloudStack Quota plugin: Access checks not enforced in Quota |
| CVE-2024-45591 | XWiki Platform document history including authors of any page exposed to unauthorized actors |
| CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app |
| CVE-2024-45760 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remot... |
| CVE-2024-4660 | Missing Authorization in GitLab |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check |
| CVE-2024-47302 | WordPress Fluent Support plugin <= 1.8.0 - Broken Access Control on Email Verification vulnerability |
| CVE-2024-47308 | WordPress Templately plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2024-47311 | WordPress Wheel of Life plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2024-47314 | WordPress Sunshine Photo Cart plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2024-47317 | WordPress Ads by WPQuads plugin <= 2.0.84 - Broken Access Control vulnerability |
| CVE-2024-47318 | WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability |
| CVE-2024-47321 | WordPress WP Datepicker plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2024-47330 | Broken Access Control vulnerability on multiple WordPress plugins by Supsystic |
| CVE-2024-47337 | WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2024-47358 | WordPress Popup Maker plugin <= 1.19.2 - Broken Access Control vulnerability |
| CVE-2024-47359 | WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability |
| CVE-2024-47361 | WordPress Elementor Addon Elements plugin <= 1.13.6 - Broken Access Control vulnerability |
| CVE-2024-47362 | WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability |
| CVE-2024-4744 | WordPress iPages Flipbook plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2024-4745 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.4 - Broken Access Control vulnerability |
| CVE-2024-4746 | WordPress Netgsm plugin <= 2.9.16 - Broken Access Control vulnerability |
| CVE-2024-47581 | Missing Authorization check in SAP HCM (Approve Timesheets version 4) |
| CVE-2024-47585 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-47587 | Missing authorization check in SAP Cash Management (Cash Operations) |
| CVE-2024-47790 | Missing Authorization Vulnerability |
| CVE-2024-48039 | WordPress CubeWP – All-in-One Dynamic Content Framework plugin <= 1.1.15 - Broken Access Control vulnerability |
| CVE-2024-48044 | WordPress ShortPixel Image Optimizer plugin <= 5.6.3 - Broken Access Control vulnerability |
| CVE-2024-48045 | WordPress Happy Elementor Addons plugin <= 3.12.3 - Broken Access Control vulnerability |
| CVE-2024-4888 | Arbitrary File Deletion in BerriAI/litellm |
| CVE-2024-48898 | Moodle: some users can delete audiences of other reports |
| CVE-2024-49273 | WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-49293 | WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability |
| CVE-2024-49321 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability |
| CVE-2024-49325 | WordPress Photo Gallery Builder plugin <= 3.0 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2024-49367 | Nginx UI's log path can be controlled |
| CVE-2024-55408 | An improper access control vulnerability in the AsusSAIO.sys driver may lead to the misuse of software functionality utilizin... |
| CVE-2024-5570 | Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update |
| CVE-2024-55876 | XWiki's scheduler in subwiki allows scheduling operations for any main wiki user |
| CVE-2024-55879 | XWiki allows RCE from script right in configurable sections |
| CVE-2024-55991 | WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability |
| CVE-2024-55992 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability |
| CVE-2024-55993 | WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control vulnerability |
| CVE-2024-55994 | WordPress 畅言评论系统 plugin <= 2.0.5 - Broken Access Control vulnerability |
| CVE-2024-55995 | WordPress Torod plugin <= 1.7 - Settings Change vulnerability |
| CVE-2024-55996 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability |
| CVE-2024-55997 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability |
| CVE-2024-55998 | WordPress Popup Surveys & Polls for WordPress (Mare.io) plugin <= 1.36 - Settings Change vulnerability |
| CVE-2024-55999 | WordPress XML Multilanguage Sitemap Generator plugin <= 2.0.6 - Broken Access Control vulnerability |
| CVE-2024-56001 | WordPress Ksher plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-56002 | WordPress Contact Form, Survey & Form Builder – MightyForms plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2024-56003 | WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-56004 | WordPress Easy Site Importer plugin <= 1.0.1 - Settings Change vulnerability |
| CVE-2024-56006 | WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability |
| CVE-2024-56007 | WordPress Leader plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2024-56008 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability |
| CVE-2024-56009 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-56031 | WordPress Smart Shopify Product plugin <= 1.0.2 - Arbitrary Content Deletion vulnerability |
| CVE-2024-56048 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-56061 | WordPress RepairBuddy plugin <= 3.8119 - Account Takeover vulnerability |
| CVE-2024-56066 | WordPress Agency Toolkit plugin <= 1.0.23 - Privilege Escalation vulnerability |
| CVE-2024-56067 | WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Backup File Download Vulnerability |
| CVE-2024-56070 | WordPress WP SuperBackup plugin <= 2.3.3 - Multiple Subscriber+ Broken Access Control vulnerabilities |
| CVE-2024-56211 | WordPress UserPro plugin <= 5.1.9 - Authenticated Arbitrary User Meta Update vulnerability |
| CVE-2024-56215 | WordPress Member Directory and Contact Form plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2024-43297 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43298 | WordPress Clone plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2024-43302 | WordPress Fonts plugin <= 3.7.7 - Broken Access Control vulnerability |
| CVE-2024-43310 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broke... |
| CVE-2024-43312 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.1.9 - Broken Access Control vulnerability |
| CVE-2024-43314 | WordPress Asset CleanUp: Page Speed Booster plugin <= 1.3.9.3 - Broken Access Control vulnerability |
| CVE-2024-43323 | WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability |
| CVE-2024-43326 | WordPress Plugin Notes Plus plugin <= 1.2.7 - Arbitrary Content Deletion vulnerability |
| CVE-2024-43331 | WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability |
| CVE-2024-43332 | WordPress Photo Engine plugin <= 6.4.0 - Broken Access Control vulnerability |
| CVE-2024-43341 | WordPress Hello Agency theme <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2024-43343 | WordPress Order Tracking – WordPress Status Tracking Plugin plugin < 3.3.13 - Broken Access Control vulnerability |
| CVE-2024-49581 | Access control issue impacting RV backed objects |
| CVE-2024-49596 | Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attac... |
| CVE-2024-49657 | WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-49680 | WordPress wpvr plugin <= 8.5.5 - Broken Access Control vulnerability |
| CVE-2024-49683 | WordPress Schema & Structured Data for WP & AMP plugin <= 1.3.5 - Sensitive Data Exposure vulnerability |
| CVE-2024-49686 | WordPress Landing Page Cat plugin <= 1.7.4 - Broken Access Control vulnerability |
| CVE-2024-49687 | WordPress Smart Manager plugin <= 8.45.0 - Broken Access Control vulnerability |
| CVE-2024-49689 | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability |
| CVE-2024-49694 | WordPress My Wp Brand – Hide menu & Hide Plugin plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-49697 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
| CVE-2024-49698 | WordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2024-50052 | Arbitrary post deletion via Playbooks /ignore-thread endpoint |
| CVE-2024-50417 | WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability |
| CVE-2024-50421 | WordPress PDF Invoices & Packing Slips for WooCommerce plugin <= 3.8.6 - Broken Access Control vulnerability |
| CVE-2024-50422 | WordPress Breeze plugin <= 2.1.14 - Broken Access Control vulnerability |
| CVE-2024-50423 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50424 | WordPress Templately plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2024-50428 | WordPress Multi Step Form plugin <= 1.7.21 - Broken Access Control vulnerability |
| CVE-2024-50454 | WordPress SEOPress plugin <= 8.1.1 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-50455 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-50456 | WordPress SEOPress plugin <= 8.1.1 - Broken Access Control vulnerability |
| CVE-2024-50459 | WordPress AidWP plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2024-50475 | WordPress Signup Page plugin <= 1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-50476 | WordPress GRÜN spendino Spendenformular plugin <= 1.0.1 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-50490 | WordPress PegaPoll plugin <= 1.0.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-50500 | WordPress Phlox Core Elements plugin <= 2.17.2 - Broken Access Control vulnerability |
| CVE-2024-5126 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-5127 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-5129 | Privilege Escalation Vulnerability in lunary-ai/lunary |
| CVE-2024-5130 | Incorrect Authorization in lunary-ai/lunary |
| CVE-2024-51516 | Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause featur... |
| CVE-2024-51651 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2024-51660 | WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2024-51666 | WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2024-51667 | WordPress Paytium plugin <= 4.4.10 - Broken Access Control vulnerability |
| CVE-2024-51671 | WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2024-51817 | WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability |
| CVE-2024-52382 | WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-52383 | WordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2024-52391 | WordPress Pie Register Premium plugin < 3.8.3.3 - Broken Access Control vulnerability |
| CVE-2024-52395 | WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability |
| CVE-2024-52416 | WordPress Debug Tool plugin <= 2.2 - Remote Code Execution vulnerability |
| CVE-2024-5248 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-52480 | WordPress Jobify plugin <= 4.2.3 - Broken Access Control vulnerability |
| CVE-2024-44116 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44117 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-4428 | Sensitive Data Exposure in Menulux Managment Portal |
| CVE-2024-45050 | Ringer Server Does Not Check Members When Loading Messages |
| CVE-2024-52500 | WordPress Monetag Official Plugin plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2024-5309 | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions |
| CVE-2024-5318 | Missing Authorization in GitLab |
| CVE-2024-53258 | download_all_submissions allows student to download another student's submissions in Autolab |
| CVE-2024-53298 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. A... |
| CVE-2024-53708 | WordPress AI Quiz plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2024-53784 | WordPress Smart Marketing SMS and Newsletters Forms plugin <= 5.0.9 - Broken Access Control vulnerability |
| CVE-2024-53785 | WordPress Chatter plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2024-53795 | WordPress Church Admin plugin <= 5.0.8 - Broken Access Control vulnerability |
| CVE-2024-53798 | WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability |
| CVE-2024-53799 | WordPress FloristPress plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2024-53803 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53805 | WordPress WP Mailster plugin <= 1.8.16.0 - Broken Access Control vulnerability |
| CVE-2024-53806 | WordPress Maspik plugin <= 2.2.7 - CSRF to Settings Change vulnerability |
| CVE-2024-53810 | WordPress Simple User Registration plugin <= 5.5 - Broken Access Control on User Deletion vulnerability |
| CVE-2024-53813 | WordPress wp-travel plugin <= 9.6.0 - Broken Access Control vulnerability |
| CVE-2024-53816 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2024-53819 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.0 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-53825 | WordPress FileBird Lite plugin <= 6.3.2 - Broken Access Control vulnerability |
| CVE-2024-53826 | WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-54020 | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an... |
| CVE-2024-54217 | WordPress ARForms plugin <= 6.4.1 - Plugin Settings Change vulnerability |
| CVE-2024-54218 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability |
| CVE-2024-54227 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2024-54239 | WordPress Eyewear prescription form plugin <= 4.0.18 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54241 | WordPress Elite Notification plugin 1.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-54242 | WordPress Simple Notification plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2024-54251 | WordPress Prodigy Commerce plugin <= 3.0.9 - Broken Access Control vulnerability |
| CVE-2024-54252 | WordPress Pinpoint Booking System Plugin <= 2.9.9.5.6 - Broken Access Control vulnerability |
| CVE-2024-54254 | WordPress Message Filter for Contact Form 7 plugin <= 1.6.3 - Broken Access Control vulnerability |
| CVE-2024-54256 | WordPress Easy Blocks pro plugin <= 1.0.21 - Broken Access Control vulnerability |
| CVE-2024-54267 | WordPress CM Answers plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2024-54268 | WordPress SiteOrigin Widgets Bundle plugin <= 1.64.0 - Broken Access Control vulnerability |
| CVE-2024-54269 | WordPress Notibar plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2024-54271 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - Settings Change vulnerability |
| CVE-2024-54278 | WordPress News Ticker for Elementor plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2024-54289 | WordPress Awesome Support plugin <= 6.3.0 - Broken Access Control vulnerability |
| CVE-2024-54298 | WordPress Car Dealer plugin <= 4.46 - Broken Access Control vulnerability |
| CVE-2024-54310 | WordPress Gou Manage My Account Menu plugin <= 1.0.1.8 - Broken Access Control vulnerability |
| CVE-2024-54311 | WordPress Mark New Posts plugin <= 7.5.1 - Broken Access Control vulnerability |
| CVE-2024-54323 | WordPress New User Approve plugin <= 2.6.2 - Broken Access Control vulnerability |
| CVE-2024-54326 | WordPress GEO my WP plugin <= 4.5.0.4 - Broken Access Control vulnerability |
| CVE-2024-54354 | WordPress Termin-Kalender plugin <= 0.99.47 - Broken Access Control vulnerability |
| CVE-2024-54359 | WordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2024-54369 | WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability |
| CVE-2024-54378 | WordPress Quietly Insights plugin <= 1.2.2 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54379 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-54381 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability |
| CVE-2024-54384 | WordPress Falcon – WordPress Optimizations & Tweaks plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-54402 | WordPress Arabic Webfonts plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2024-56217 | WordPress Download Manager plugin <= 3.3.03 - Broken Access Control vulnerability |
| CVE-2024-56219 | WordPress Widget Options plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2024-56225 | WordPress Premium Addons for Elementor plugin <= 4.10.56 - Broken Access Control vulnerability |
| CVE-2024-56227 | WordPress Royal Elementor Addons plugin <= 1.7.1001 - Broken Access Control vulnerability |
| CVE-2024-56234 | WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability |
| CVE-2024-56236 | WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-56238 | WordPress Floating Action Buttons plugin <= 0.9.1 - Broken Access Control vulnerability |
| CVE-2024-56243 | WordPress WPSSO Core plugin <= 18.18.1 - Broken Access Control vulnerability |
| CVE-2024-56244 | WordPress Ashe Extra plugin <= 1.2.92 - Broken Access Control vulnerability |
| CVE-2024-56253 | WordPress Data Tables Generator by Supsystic plugin <= 1.10.36 - Broken Access Control vulnerability |
| CVE-2024-56255 | WordPress AyeCode Connect plugin <= 1.3.8 - Broken Access Control vulnerability |
| CVE-2024-56266 | WordPress MP3 Audio Player plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2024-56270 | WordPress WP SecureSubmit plugin <= 1.5.16 - Sensitive Data Exposure vulnerability |
| CVE-2024-56271 | WordPress WP SecureSubmit plugin <= 1.5.16 - Broken Access Control vulnerability |
| CVE-2024-56272 | WordPress Hide Category by User Role for WooCommerce plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2024-56273 | WordPress WPvivid Backup plugin <= 0.9.106 - Broken Access Control vulnerability |
| CVE-2024-56276 | WordPress WPForms Lite plugin <= 1.9.2.2 - Broken Access Control vulnerability |
| CVE-2024-56294 | WordPress Nexter Blocks plugin <= 4.0.7 - Broken Access Control vulnerability |
| CVE-2024-56295 | WordPress Poll Maker plugin <= 5.5.6 - Broken Access Control vulnerability |
| CVE-2024-5685 | Broken Function Level Authorization (BFLA) in snipe/snipe-it |
| CVE-2024-5710 | Improper Access Control in Team Management in berriai/litellm |
| CVE-2024-5769 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update |
| CVE-2024-5784 | Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-5820 | Unprotected WebSocket in stitionai/devika |
| CVE-2024-5857 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authoriz... |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection |
| CVE-2024-5899 | Improper trust check in Bazel Build intellij plugin |
| CVE-2024-5939 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Limited Information Exposure |
| CVE-2024-5940 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update |
| CVE-2024-5941 | GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Missing Authorization to Authenticated (Subscriber+) Limited Fi... |
| CVE-2024-5987 | WP Accessibility Helper <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2024-5997 | Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation |
| CVE-2024-6071 | PTC Creo Elements/Direct License Server Missing Authorization |
| CVE-2024-6155 | Greenshift – animation and page builder blocks <= 9.0.0 - Missing Authorization to Authenticated (Subscriber+) Server-Side Re... |
| CVE-2024-6303 | Missing Authorization in Conduit |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive I... |
| CVE-2024-6366 | User Profile Builder < 3.11.8 - Unauthenticated Media Upload |
| CVE-2024-6406 | Sensitive Data Exposure in Yordam Information Technology's Mobile Library Application |
| CVE-2024-6458 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-6489 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authorization to Google API key update |
| CVE-2024-6491 | Getwid – Gutenberg Blocks <= 2.0.10 - Missing Authentication to MailChimp API key update |
| CVE-2024-6500 | InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Del... |
| CVE-2024-6590 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Googl... |
| CVE-2024-6591 | Ultimate WordPress Auction Plugin <= 4.2.6 - Missing Authorization to Unauthenticated Email Creation |
| CVE-2024-6626 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization |
| CVE-2024-6631 | ImageRecycle pdf & image compression <= 3.1.14 - Missing Authorization in Several AJAX Actions |
| CVE-2024-6636 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2024-6688 | Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update |
| CVE-2024-6698 | FundEngine – Donation and Crowdfunding Platform <= 1.7.0 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-6709 | Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update |
| CVE-2024-6750 | Social Auto Poster <= 5.3.14 - Missing Authorization via Multiple Functions |
| CVE-2024-6754 | Social Auto Poster <= 5.3.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update via wpw_auto_p... |
| CVE-2024-6755 | Social Auto Poster <= 5.3.14 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install... |
| CVE-2024-6805 | Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources |
| CVE-2024-6806 | Missing Authorization Checks In NI VeriStand Gateway For Project Resources |
| CVE-2024-6824 | Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion an... |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Cli... |
| CVE-2024-6846 | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge |
| CVE-2024-6869 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure |
| CVE-2024-6872 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor... |
| CVE-2024-6883 | Event Espresso 4 Decaf – Event Registration Event Ticketing <= 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorizati... |
| CVE-2024-6987 | Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missi... |
| CVE-2024-8860 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions |
| CVE-2024-8999 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-9000 | Improper Authorization and Duplicate Slug Vulnerability in lunary-ai/lunary |
| CVE-2024-9025 | Sight – Professional Image Gallery and Portfolio <= 1.1.2 - Missing Authorization to Sensitive Information Exposure in handle... |
| CVE-2024-9065 | WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test |
| CVE-2024-9067 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Missing Authorizati... |
| CVE-2024-9095 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-9096 | Improper Authorization in lunary-ai/lunary |
| CVE-2024-9109 | UPS Live Rates and Access Points <= 2.3.11 - Missing Authorization to Plugin API key reset |
| CVE-2024-9161 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.228 - Missing Authorization to Unauthenticated User and Term Met... |
| CVE-2024-9187 | Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion |
| CVE-2024-9189 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization |
| CVE-2024-9195 | WHMPress - WHMCS Client Area <= 4.3-revision-3 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-54417 | WordPress PixProof plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2024-7030 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Data Update |
| CVE-2024-7031 | File Manager Pro – Filester <= 1.8.2 - Authenticated Plugin Settings Update |
| CVE-2024-7032 | Smart Online Order for Clover <= 1.5.6 - Missing Authorization to Plugin Deactivation and Data Deletion |
| CVE-2024-7043 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7045 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7046 | Improper Access Control in open-webui/open-webui |
| CVE-2024-7135 | Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-7258 | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion |
| CVE-2024-7380 | Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion |
| CVE-2024-7381 | Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution |
| CVE-2024-7390 | WP Testimonial Widget <= 3.0 - Missing Authorization |
| CVE-2024-7447 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authoriz... |
| CVE-2024-7475 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-7491 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe |
| CVE-2024-7605 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update |
| CVE-2024-7621 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-7622 | Revision Manager TMC <= 2.8.19 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending |
| CVE-2024-7648 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure |
| CVE-2024-7714 | AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls |
| CVE-2024-7721 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limit... |
| CVE-2024-7727 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_... |
| CVE-2024-7767 | Improper Access Control in danswer-ai/danswer |
| CVE-2024-7786 | Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak |
| CVE-2024-7856 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.7.0.1 - Missing Authorization to Authenticated (Subscr... |
| CVE-2024-7858 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions |
| CVE-2024-7888 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization |
| CVE-2024-7894 | If Menu <= 0.19.1 - Missing Authorization to License Key Update |
| CVE-2024-8001 | VIWIS LMS Print authorization |
| CVE-2024-8042 | Rapid7 Insight Platform Unauthorized Empty Group Creation |
| CVE-2024-8074 | Sensitive Data Exposure in Nomysoft Informatics' Nomysem |
| CVE-2024-8102 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-8114 | Missing Authorization in GitLab |
| CVE-2024-8121 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change |
| CVE-2024-8195 | Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2024-8199 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Auth... |
| CVE-2024-8272 | macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation |
| CVE-2024-8289 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor P... |
| CVE-2024-8349 | Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation |
| CVE-2024-8350 | Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure |
| CVE-2024-8427 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin <= 1.2.2 - Missing Authorization to Authenticated (... |
| CVE-2024-8430 | Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import |
| CVE-2024-8431 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.21 - Missing Authorization to Authenticated (Subscriber+) Private G... |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+)... |
| CVE-2024-8434 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Upd... |
| CVE-2024-8437 | WP Easy Gallery – WordPress Gallery Plugin <= 4.8.5 - Missing Authorization to Authenticated (Subscriber+) Gallery Manipulati... |
| CVE-2024-8480 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Uploa... |
| CVE-2024-8513 | QA Analytics <= 4.1.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-8548 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple... |
| CVE-2024-8552 | Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable |
| CVE-2024-8632 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure |
| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce... |
| CVE-2024-8667 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authent... |
| CVE-2024-9202 | EDC DataSetResolver policy filtering missing |
| CVE-2024-9223 | WPDash Notes <= 1.3.5 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2024-9234 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9361 | Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subsc... |
| CVE-2024-9364 | SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion |
| CVE-2024-9520 | UserPlus <= 2.0 - Missing Authorization via Multiple Functions |
| CVE-2024-9578 | Hide Links <= 1.4.2 - Unauthenticated Shortcode Execution |
| CVE-2024-9583 | RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging <= 4.23.12 - Missing Authorization |
| CVE-2024-9584 | Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete |
| CVE-2024-9586 | Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update |
| CVE-2024-9587 | Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX |
| CVE-2024-9626 | Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post F... |
| CVE-2024-9628 | WPS Telegram Chat <= 4.5.4 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API |
| CVE-2024-9629 | Contact Form 7 + Telegram <= 0.8.5 - Missing Authorization to Authenticated (Subscriber+) Subscription Approve/Pause/Refuse |
| CVE-2024-9630 | WPS Telegram Chat <= 4.5.4 - Missing Authorization to Information Exposure |
| CVE-2024-9671 | System: pdf invoices of the developer users can be seen if the url is known |
| CVE-2024-9685 | Notification for Telegram <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Send Telegram Test Message |
| CVE-2024-9686 | Order Notification for Telegram <= 1.0.1 - Missing Authorization to Unauthenticated Send Telegram Test Message |
| CVE-2024-9697 | Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update |
| CVE-2024-9705 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update |
| CVE-2024-9706 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation |
| CVE-2024-9707 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
| CVE-2024-9756 | Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File U... |
| CVE-2024-9824 | ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post T... |
| CVE-2024-9829 | Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download |
| CVE-2024-9860 | Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
| CVE-2024-9891 | Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation |
| CVE-2025-0067 | Missing Authorization check in SAP NetWeaver Application Server Java |
| CVE-2025-0068 | Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
| CVE-2025-0466 | Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure |
| CVE-2025-0515 | Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscr... |
| CVE-2025-0763 | Ultimate Classified Listings <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2025-0856 | PGS Core <= 5.8.0 - Missing Authorization via Multiple Functions |
| CVE-2025-0935 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change |
| CVE-2025-0939 | MagicForm - WordPress Form Builder <= 1.6.2 - Missing Authorization |
| CVE-2025-0951 | LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated |
| CVE-2025-0952 | Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Op... |
| CVE-2025-0954 | WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import |
| CVE-2025-0955 | VidoRev Extensions <= 2.9.9.9.9.9.5 - Missing Authorization to Unauthenticated Youtube Video Import |
| CVE-2025-10008 | Translate WordPress and go Multilingual – Weglot <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion |
| CVE-2024-4139 | Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules) |
| CVE-2024-41728 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2025-10040 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.27 - Missing Authorization to Authenticated (Subscriber+) FTP/SFTP C... |
| CVE-2025-10173 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Aut... |
| CVE-2025-10184 | OnePlus OxygenOS Telephony provider permission bypass |
| CVE-2025-10186 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising <= 4.0.14 - Missing Authorization to Unauthenticated wp_wdplugin_... |
| CVE-2025-1021 | Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and... |
| CVE-2025-10212 | SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure |
| CVE-2025-10299 | WPBifröst – Instant Passwordless Temporary Login Links <= 1.0.7 - Missing Authorization to Authenticated (Subscriber+) Privil... |
| CVE-2025-10303 | Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation |
| CVE-2025-10305 | Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion |
| CVE-2025-10313 | Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-10352 | Missing Authorization vulnerability in Melis Platform |
| CVE-2025-10489 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.0 - Missing Authorization to Authenticated (Contributor+) Form C... |
| CVE-2025-1055 | K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-... |
| CVE-2025-10579 | BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure |
| CVE-2025-10637 | Social Feed Gallery <= 4.9.2 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2024-41729 | Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) |
| CVE-2025-10638 | NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export |
| CVE-2025-10648 | Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure v... |
| CVE-2025-10690 | Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin... |
| CVE-2025-10694 | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.8.0 - Missing Authorization to Info... |
| CVE-2025-10706 | Classified Pro <= 1.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2025-10732 | SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Inform... |
| CVE-2025-1074 | Webkul QloApps URL mylogout cross-site request forgery |
| CVE-2025-10749 | Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletio... |
| CVE-2025-1084 | Mindskip xzs-mysql 学之思开源考试系统 cross-site request forgery |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via... |
| CVE-2025-10871 | Missing Authorization in GitLab |
| CVE-2025-10873 | Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending |
| CVE-2025-10896 | Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload |
| CVE-2025-10901 | Originality.ai AI Checker <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure v... |
| CVE-2024-41730 | Missing Authentication check in SAP BusinessObjects Business Intelligence Platform |
| CVE-2025-11228 | GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms-Campaign Associa... |
| CVE-2025-11237 | Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update |
| CVE-2025-11255 | Password Policy Manager \| Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log... |
| CVE-2025-11257 | LLM Hubspot Blog Import <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Hubspot Import |
| CVE-2025-11269 | Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11580 | PowerJob list authorization |
| CVE-2025-11581 | PowerJob OpenAPIController runJob authorization |
| CVE-2025-1091 | Broken Authorization Schema |
| CVE-2025-11029 | givanz Vvveb cross-site request forgery |
| CVE-2025-11051 | SourceCodester Pet Grooming Management Software cross-site request forgery |
| CVE-2025-11154 | IDonate < 2.1.13 - Unauthenticated User Deletion |
| CVE-2025-11172 | Check Plagiarism <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-11191 | RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation |
| CVE-2025-11373 | Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider,... |
| CVE-2025-11378 | ShortPixel Image Optimizer <= 6.3.4 - Authenticated (Contributor+) Settings Import/Export |
| CVE-2025-11380 | Everest Backup <= 2.3.5 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-11438 | JhumanJ OpnForm API Endpoint custom-domains authorization |
| CVE-2025-11439 | JhumanJ OpnForm integrations authorization |
| CVE-2025-11442 | JhumanJ OpnForm API Endpoint cross-site request forgery |
| CVE-2025-11448 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery... |
| CVE-2025-11564 | Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update |
| CVE-2025-11587 | Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update |
| CVE-2025-11692 | Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion |
| CVE-2025-11701 | Zip Attachments <= 1.6 - Missing Authorization to Unauthenticated Private And Password-Protected Posts Attachment Disclosure |
| CVE-2025-11702 | Missing Authorization in GitLab |
| CVE-2025-11705 | Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Fi... |
| CVE-2025-11742 | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure |
| CVE-2025-11758 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation a... |
| CVE-2025-11816 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.5.1 - Missing Authorization to... |
| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Ta... |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authoriz... |
| CVE-2025-11881 | AppPresser – Mobile App Framework <= 4.5.0 - Missing Authorization to Unauthenticated Limited Sensitive Information Exposure |
| CVE-2025-11887 | Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-11890 | Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass |
| CVE-2025-11894 | Shelf Planner <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11632 | Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions |
| CVE-2025-1233 | Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update |
| CVE-2025-12350 | DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11975 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.2... |
| CVE-2025-11988 | Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion |
| CVE-2025-11989 | Missing Authorization in GitLab |
| CVE-2025-11996 | Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion |
| CVE-2025-11999 | Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-12014 | NGINX Cache Optimizer <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Dynamic Caching Exclusion Update |
| CVE-2025-12015 | Convert WebP & AVIF \| Quicq \| Best image optimizer and compression plugin \| Improve your Google Pagespeed <= 2.0.0 - Missing... |
| CVE-2025-12041 | ERI File Library <= 1.1.0 - Missing Authorization to Unauthenticated Protected File Download |
| CVE-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export |
| CVE-2025-12113 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (S... |
| CVE-2025-12134 | ZoloBlocks <= 2.3.11 - Missing Authorization to Unauthenticated Popup Enable/Disable |
| CVE-2025-1214 | pihome-shc PiHome Role-Based Access Control user_accounts.php authorization |
| CVE-2025-12156 | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenti... |
| CVE-2025-12157 | Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset |
| CVE-2025-12377 | Gallery Plugin for WordPress – Envira Photo Gallery <= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gal... |
| CVE-2025-12384 | Document Embedder – Embed PDFs, Word, Excel, and Other Files <= 2.0.0 - Missing Authorization to Unauthenticated Document Man... |
| CVE-2025-12389 | Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-12469 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Missing Authorization to... |
| CVE-2025-12158 | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset |
| CVE-2025-12175 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure |
| CVE-2025-12180 | Qi Blocks <= 1.4.3 - Missing Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2025-12202 | ajayrandhawa User-Management-PHP-MYSQL web cross-site request forgery |
| CVE-2025-12563 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload |
| CVE-2025-12582 | Features <= 0.0.2 - Missing Authorization to Authenticated (Subscriber+) Option Reset |
| CVE-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-12633 | Booking Calendar \| Appointment Booking \| Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection |
| CVE-2025-12665 | Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion |
| CVE-2025-12675 | KiotViet Sync <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-1279 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-1249 | WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking... |
| CVE-2025-12817 | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege |
| CVE-2025-12847 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic <= 4.8.9 - Missing Authorization to Authenticat... |
| CVE-2025-12849 | Contest Gallery <= 28.0.2 - Missing Authorization |
| CVE-2025-1285 | Resido - Real Estate WordPress Theme <= 3.6 - Missing Authorization to Unauthenticated Server-Side Request Forgery and API Ke... |
| CVE-2025-12891 | Survey Maker <= 5.1.9.4 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-12892 | Survey Maker <= 5.1.9.4 - Missing Authorization Unauthenticated Limited Option Update |
| CVE-2025-12924 | rymcu forest BankController.java GlobalResult authorization |
| CVE-2025-12925 | rymcu forest UserDicController.java deleteDic authorization |
| CVE-2025-12953 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated... |
| CVE-2025-12979 | Welcart e-Commerce <= 2.11.24 - Missing Authorization to Unauthenticated Information Exposure |
| CVE-2025-1299 | Missing Authorization in GitLab |
| CVE-2025-1304 | NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-13063 | DinukaNavaratna Dee Store authorization |
| CVE-2025-1307 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1309 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subsc... |
| CVE-2025-13119 | Fabian Ros/SourceCodester Simple E-Banking System cross-site request forgery |
| CVE-2025-13177 | Bdtask/CodeCanyon SalesERP cross-site request forgery |
| CVE-2025-13179 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery |
| CVE-2025-1325 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2025-1326 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Reserva... |
| CVE-2025-1358 | Pix Software Vivaz cross-site request forgery |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion |
| CVE-2025-1404 | Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval v... |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join G... |
| CVE-2025-1481 | Shortcode Cleaner Lite <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Export |
| CVE-2025-1483 | LTL Freight Quotes – GlobalTranz Edition <= 2.3.12 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-1502 | IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export |
| CVE-2025-1504 | Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure |
| CVE-2025-1507 | ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation |
| CVE-2025-1508 | WP Crowdfunding <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Post Content Download |
| CVE-2025-1528 | Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure |
| CVE-2025-1557 | OFCMS cross-site request forgery |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Autho... |
| CVE-2025-1639 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installatio... |
| CVE-2025-1643 | Benner ModernaNet SG_AlterarSenha cross-site request forgery |
| CVE-2025-1644 | Benner ModernaNet SG_Gravar cross-site request forgery |
| CVE-2025-1657 | Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post... |
| CVE-2025-1666 | Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics <= 4.4.1 - Missing Authorization to Authenticated (Subscri... |
| CVE-2025-1668 | School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Arbitrary User Deletion |
| CVE-2025-1681 | Cardealer <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Change and Delete JS and CSS Files |
| CVE-2025-1682 | Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-1745 | LinZhaoguan pb-cms Logout cross-site request forgery |
| CVE-2025-1766 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment... |
| CVE-2025-1777 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via ux_cb_p... |
| CVE-2025-1778 | Art Theme <= 3.12.2.3 - Missing Authorization to Authenticated (Subscriber+) Theme Option Delete |
| CVE-2025-1780 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.25 - Cross-Site Request Forgery to Limi... |
| CVE-2025-1813 | zj1983 zz cross-site request forgery |
| CVE-2025-1891 | shishuocms cross-site request forgery |
| CVE-2025-20164 | A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticate... |
| CVE-2025-2025 | Give <= 3.22.0 - Missing Authorization to Unauthenticated Arbitrary Earning Reports Disclosure via give_reports_earnings Func... |
| CVE-2025-20301 | Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
| CVE-2025-20302 | Cisco Secure Firewall Management Center Software Authorization Bypass Vulnerability |
| CVE-2025-20362 | Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or... |
| CVE-2025-2042 | huang-yk student-manage cross-site request forgery |
| CVE-2025-22739 | WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability |
| CVE-2025-22740 | WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability |
| CVE-2025-2276 | Ultimate Dashboard <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation |
| CVE-2025-22770 | WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-22779 | WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-22787 | WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-22800 | WordPress Post SMTP plugin <= 2.9.11 - Broken Access Control vulnerability |
| CVE-2025-2289 | Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates |
| CVE-2025-2290 | LifterLMS <= 8.0.1 - Missing Authorization to Unauthenticated Post Trashing |
| CVE-2025-2298 | Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software |
| CVE-2025-23025 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki |
| CVE-2025-23187 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23188 | Missing Authorization check in SAP S/4HANA (RBD) |
| CVE-2025-23189 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-23190 | Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI) |
| CVE-2025-23423 | WordPress SendGrid for WordPress plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-23440 | WordPress radSLIDE plugin <= 2.1 - Broken Access Control to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23477 | WordPress Realty Workstation plugin <= 1.0.45 - Broken Access Control vulnerability |
| CVE-2025-23486 | WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-23512 | WordPress Team 118GROUP Agent plugin <= 1.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23514 | WordPress Loginplus plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-23515 | WordPress ts-tree plugin <= 0.1.1 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23527 | WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23529 | WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23534 | WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability |
| CVE-2025-23613 | WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-23615 | WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-23656 | WordPress Donate visa plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-23684 | WordPress Debug Tool plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-23761 | WordPress Woo Tuner plugin <= 0.1.2 - Broken Access Control vulnerability |
| CVE-2025-23763 | WordPress WAH Forms plugin <= 1.0 - Sensitive Data Exposure vulnerability |
| CVE-2025-23764 | WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-23766 | WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability |
| CVE-2025-23771 | WordPress Push Notification for Post and BuddyPress plugin <= 2.11 - Settings Change vulnerability |
| CVE-2025-23773 | WordPress Delete All Posts plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-23776 | WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability |
| CVE-2025-23778 | WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2025-23785 | WordPress AI Responsive Gallery Album plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-23849 | WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability |
| CVE-2024-8675 | Soumettre.fr <= 2.1.2 - Missing Authorization |
| CVE-2024-8678 | Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update |
| CVE-2024-8682 | JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration |
| CVE-2024-8700 | Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion |
| CVE-2025-2075 | Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-2103 | SoundRise Music <= 1.7 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2104 | Page Builder: Pagelayer – Drag and Drop website builder <= 1.9.9 - Missing Authorization to Authenticated (Contributor+) Post... |
| CVE-2025-2110 | WP Compress <= 6.30.15 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions |
| CVE-2025-21396 | Microsoft Account Elevation of Privilege Vulnerability |
| CVE-2025-21416 | Azure Virtual Desktop Elevation of Privilege Vulnerability |
| CVE-2025-2224 | Directorist <= 8.2 - Missing Authorization to Unauthenticated Arbitrary Post Publishing |
| CVE-2025-22260 | WordPress Meta Tag Manager plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2025-22265 | WordPress EMI Calculator plugin <= 1.1 - Settings Change vulnerability |
| CVE-2025-22280 | WordPress DefendWP Firewall Plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-22285 | WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability |
| CVE-2025-22287 | WordPress LTL Freight Quotes – FreightQuote Edition plugin <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-22289 | WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Broken Access Control vulnerability |
| CVE-2025-22291 | WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability |
| CVE-2025-22298 | WordPress Hive Support plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-22299 | WordPress AI for SEO plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-22302 | WordPress WP Wand plugin <= 1.2.5 - Broken Access Control vulnerability |
| CVE-2025-22304 | WordPress WP Visitor Statistics plugin <= 7.3 - Broken Access Control vulnerability |
| CVE-2025-22318 | WordPress Standard Box Sizes plugin <= 1.6.13 - Broken Access Control vulnerability |
| CVE-2025-22319 | WordPress MashShare plugin <= 4.0.47 - Broken Access Control vulnerability |
| CVE-2025-22363 | WordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-22385 | An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B appli... |
| CVE-2025-2246 | Missing Authorization in GitLab |
| CVE-2025-22512 | WordPress Help Scout Plugin <= 6.5.1 - Broken Access Control vulnerability |
| CVE-2025-22534 | WordPress Slides & Presentations Plugin <= 0.0.39 - Broken Access Control vulnerability |
| CVE-2025-22541 | WordPress WP Delete Post Copies plugin <= 5.5 - Broken Access Control vulnerability |
| CVE-2025-22543 | WordPress ST Gallery WP plugin <= 1.0.8 - Settings Change vulnerability |
| CVE-2025-22560 | WordPress Saoshyant Page Builder plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-22561 | WordPress Title Experiments Free plugin <= 9.0.4 - Broken Access Control vulnerability |
| CVE-2025-22591 | WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability |
| CVE-2025-22592 | WordPress 1003 Mortgage Application plugin <= 1.87 - Broken Access Control vulnerability |
| CVE-2025-22607 | Coolify Vulnerable to GitHub / GitLab OAuth Secrets Leak |
| CVE-2025-22608 | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) |
| CVE-2025-22609 | Coolify Vulnerable to Private Key Hijacking / Remote Command Execution (RCE) |
| CVE-2025-22610 | Coolify Vulnerable to OAuth Secrets Leak |
| CVE-2025-22611 | Coolify vulnerable to Privilege Escalation resulting in Remote Command Execution (RCE) |
| CVE-2025-22612 | Coolify Vulnerable to Private Key Enumeration on Onboarding resulting in Remote Command Execution (RCE) |
| CVE-2025-2262 | Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2025-22629 | WordPress iNET Webkit Plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-22643 | WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-22647 | WordPress AIO Performance Profiler plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-22657 | WordPress Atarim plugin <= 4.0.9 - Arbitrary Content Deletion vulnerability |
| CVE-2025-2266 | Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update |
| CVE-2025-22665 | WordPress RapidLoad plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2025-22667 | WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control v... |
| CVE-2025-22668 | WordPress Awesome Event Booking plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2025-2267 | WP01 – Speed, Security, SEO consultant <= 2.6.2 - Authenticated (Subscriber+) Arbitrary File Download |
| CVE-2025-22670 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.7.2 - CSRF to Settings Change vulnerability |
| CVE-2025-23862 | WordPress Contact Form 7 Anti Spambot plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-23906 | WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability |
| CVE-2025-23916 | WordPress WP Meetup plugin <= 2.3.0 - Settings Change vulnerability |
| CVE-2025-23917 | WordPress Chamber Dashboard Business Directory Plugin <= 3.3.8 - Broken Access Control vulnerability |
| CVE-2025-23929 | WordPress Email Capture & Lead Generation Plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-23930 | WordPress PayPal Marketing Solutions plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-23954 | WordPress Salvador – AI Image Generator plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-23955 | WordPress Xola plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-23957 | WordPress Sur.ly plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-23958 | WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-23961 | WordPress WordPress Graphs & Charts Plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-23962 | WordPress Goldstar plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-23963 | WordPress Mark Posts plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2025-23971 | WordPress KI Live Video Conferences <= 5.5.15 - Broken Access Control Vulnerability |
| CVE-2025-23982 | WordPress Fare Calculator plugin <= 1.1 - CSRF to Stored Cross-Site Scripting vulnerability |
| CVE-2025-23991 | WordPress Product Size Charts Plugin for WooCommerce plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2025-23999 | WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability |
| CVE-2025-24021 | iTop doesn't have mass assignment of fields in the portal form |
| CVE-2025-2407 | Missing Authentication & Authorization in Web-API allows adversary unrestricted access |
| CVE-2025-2420 | 猫宁i Morning cross-site request forgery |
| CVE-2025-24571 | WordPress WP Fast Total Search plugin <= 1.78.258 - Broken Access Control vulnerability |
| CVE-2025-24577 | WordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerability |
| CVE-2025-24580 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-24581 | WordPress Instantio plugin <= 3.3.7 - Settings Change vulnerability |
| CVE-2025-24583 | WordPress 12 Step Meeting List plugin <= 3.16.5 - Settings Change vulnerability |
| CVE-2025-24584 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2025-24588 | WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-24589 | WordPress JSM Show Post Metadata plugin <= 4.6.0 - Broken Access Control vulnerability |
| CVE-2025-24590 | WordPress picu – Online Photo Proofing Gallery plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2025-24591 | WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability |
| CVE-2025-24594 | WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.7 - CSRF to Broken Access Control vulnerability |
| CVE-2025-24596 | WordPress WooCommerce Product Table Lite plugin <= 3.8.7 - Broken Access Control vulnerability |
| CVE-2025-24600 | WordPress RSVPMaker plugin <= 11.4.5 - Broken Access Control vulnerability |
| CVE-2025-24603 | WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.10 - Brok... |
| CVE-2025-24604 | WordPress Lifetime free Drag & Drop Contact Form Builder for WordPress VForm plugin <= 3.0.5 - Broken Access Control vulnerab... |
| CVE-2025-24606 | WordPress Client Invoicing by Sprout Invoices – Easy Estimates and Invoices for WordPress plugin <= 20.8.1 - Broken Access Con... |
| CVE-2025-24607 | WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability |
| CVE-2025-24613 | WordPress FV Thoughtful Comments plugin <= 0.3.5 - Broken Access Control vulnerability |
| CVE-2025-24618 | WordPress ElementInvader Addons for Elementor Plugin <= 1.3.1 - Broken Access Control vulnerability |
| CVE-2025-24625 | WordPress Taxonomy/Term and Role based Discounts for WooCommerce plugin <= 5.1 - Cross Site Request Forgery (CSRF) to Setting... |
| CVE-2025-24633 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-24642 | WordPress Setup Default Featured Image plugin <= 1.2 - Broken Access Control vulnerability |
| CVE-2025-24643 | WordPress WPGuppy plugin <= 1.1.0 - Broken Authentication vulnerability |
| CVE-2025-24649 | WordPress Admin and Site Enhancements (ASE) Plugin <= 7.6.2 - Broken Access Control vulnerability |
| CVE-2025-24652 | WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-24653 | WordPress Admin and Site Enhancements (ASE) Pro Plugin <= 7.6.1.1 - Broken Access Control vulnerability |
| CVE-2025-24654 | WordPress Squirrly SEO plugin <= 12.4.05 - Broken Access Control vulnerability |
| CVE-2025-24662 | WordPress LearnDash LMS Plugin <= 4.20.0.1 - Broken Access Control vulnerability |
| CVE-2025-24679 | WordPress Internal Links Manager plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-24682 | WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability |
| CVE-2025-24691 | WordPress People Lists plugin <= 1.3.10 - Broken Access Control vulnerability |
| CVE-2025-24692 | WordPress Bulk Menu Edit plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-24693 | WordPress Advanced Notifications plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-24697 | WordPress Image Gallery – Responsive Photo Gallery plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-24705 | WordPress WooCommerce Quick View plugin <= 1.1.1 - Sensitive Data Exposure vulnerability |
| CVE-2025-24725 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability |
| CVE-2025-24734 | WordPress Better Find and Replace plugin <= 1.6.7 - Privilege Escalation vulnerability |
| CVE-2025-24736 | WordPress Post Duplicator plugin <= 2.35 - Broken Access Control vulnerability |
| CVE-2025-24737 | WordPress WP Helper Premium plugin <= 4.6.1 - Broken Access Control vulnerability |
| CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability |
| CVE-2025-24744 | WordPress Bridge Core plugin <= 3.3 - Broken Access Control vulnerability |
| CVE-2025-24747 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-24750 | WordPress ExactMetrics plugin <= 8.1.0 - Broken Access Control vulnerability |
| CVE-2025-24751 | WordPress CoBlocks plugin <= 3.1.13 - Broken Access Control vulnerability |
| CVE-2025-24753 | WordPress Kadence Blocks plugin <= 3.3.1 - Broken Access Control vulnerability |
| CVE-2025-24754 | WordPress Houzez theme <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-24762 | WordPress TicketBAI Facturas para WooCommerce <= 3.19 - Broken Access Control Vulnerability |
| CVE-2025-24763 | WordPress bbPress API <= 1.0.14 - Broken Access Control Vulnerability |
| CVE-2025-24776 | WordPress Responsive Flipbooks <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-24778 | WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-12526 | Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2025-12527 | Page & Post Notes <= 1.3.4 - Missing Authorization to Authenticated (Subscriber+) Note Update/Deletion |
| CVE-2025-26655 | Missing Authorization check in SAP JIT(Outbound) |
| CVE-2025-24972 | Discourse may bypass user preference when adding users to chat groups |
| CVE-2025-24974 | DataEase Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-2506 | When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with C... |
| CVE-2025-25081 | WordPress Embed RSS plugin <= 3.1 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-25110 | WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-25120 | WordPress Slide Banners plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-25167 | WordPress BookPress – For Book Authors Plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-25241 | Missing Authorization check in SAP Fiori Apps Reference Library (My Overtime Requests) |
| CVE-2025-25244 | Missing Authorization Check in SAP Business Warehouse (Process Chains) |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited A... |
| CVE-2025-26367 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26368 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26369 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26370 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26371 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26372 | A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0... |
| CVE-2025-26373 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to vers... |
| CVE-2025-26374 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to ver... |
| CVE-2025-26375 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26376 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26377 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26378 | A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allow... |
| CVE-2025-26773 | WordPress Analytify plugin <= 5.5.0 - Broken Access Control vulnerability |
| CVE-2025-26867 | WordPress Bulk theme <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-26871 | WordPress Essential Blocks plugin <= 4.8.3 - Broken Access Control vulnerability |
| CVE-2025-26883 | WordPress Animated Text Block plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-26888 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability |
| CVE-2025-26901 | WordPress Brizy Pro plugin <= 2.6.1 - Broken Access Control vulnerability |
| CVE-2025-26656 | Missing Authorization check in S/4HANA (Manage Purchasing Info Records) |
| CVE-2025-26657 | Information Disclosure vulnerability in SAP KMC WPC |
| CVE-2024-52485 | WordPress WP Menu Image plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-26920 | WordPress Customify theme <= 0.4.8 - Broken Access Control vulnerability |
| CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2025-26942 | WordPress JetTricks <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-26944 | WordPress JetPopup <= 2.0.11 - Broken Access Control Vulnerability |
| CVE-2025-26948 | WordPress Pie Register Premium plugin <= 3.8.3.2 - Broken Access Control vulnerability |
| CVE-2025-26953 | WordPress JetMenu <= 2.4.9 - Broken Access Control Vulnerability |
| CVE-2025-26955 | WordPress Industrial Lite theme <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-26956 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26958 | WordPress JetBlog <= 2.4.3 - Broken Access Control Vulnerability |
| CVE-2025-26959 | WordPress Administrator Z <= 2025.03.24 - Privilege Escalation Vulnerability |
| CVE-2025-26960 | WordPress Small Package Quotes – Unishippers Edition plugin <= 2.4.9 - Broken Access Control vulnerability |
| CVE-2025-26961 | WordPress Fresh Framework plugin <= 1.70.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2025-26661 | Missing Authorization check in SAP NetWeaver (ABAP Class Builder) |
| CVE-2025-26733 | WordPress Traveler theme <= 3.1.8 - Broken Access Control vulnerability |
| CVE-2025-26741 | WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability |
| CVE-2025-26750 | WordPress Vitepos Plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-26764 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Settings Change vulnerability |
| CVE-2025-26765 | WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability |
| CVE-2025-28938 | WordPress WP Performance Pack plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-27103 | Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability |
| CVE-2025-2719 | Swatchly – WooCommerce Variation Swatches for Products (product attributes: Image swatch, Color swatches, Label swatches) 1.2... |
| CVE-2025-27270 | WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-27294 | WordPress WP-Asambleas plugin <= 2.85.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-27296 | WordPress Auto Ad Inserter – Increase Google Adsense and Ad Manager Revenue Plugin <= 1.5 - Settings Change vulnerability |
| CVE-2025-27310 | WordPress Page and Post Lister plugin <= 1.2.1 - Arbitrary Content Deletion vulnerability |
| CVE-2025-27356 | WordPress Sticky Header On Scroll plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-27428 | Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection) |
| CVE-2025-27432 | Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit) |
| CVE-2025-27435 | Information Disclosure Vulnerability in SAP Commerce Cloud |
| CVE-2025-27437 | Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface) |
| CVE-2025-2779 | Insert Headers and Footers Code – HT Script <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Options U... |
| CVE-2025-2789 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated... |
| CVE-2025-26968 | WordPress Cloak Front End Email <= 1.9.5 - Broken Access Control Vulnerability |
| CVE-2025-26969 | WordPress PrivateContent plugin <= 8.11.5 - Subscriber+ Site Wide Broken Access Control vulnerability |
| CVE-2025-26975 | WordPress Strong Testimonials plugin <= 3.2.3 - Broken Access Control vulnerability |
| CVE-2025-26983 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.3 - Broken Access Control vulnerability |
| CVE-2025-26995 | WordPress Market Exporter plugin <= 2.0.21 - Broken Access Control vulnerability |
| CVE-2025-27000 | WordPress Simple Photo Feed Plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-27008 | WordPress Unlimited Timeline < 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-27013 | WordPress MediCenter theme < 14.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-27461 | CVE-2025-27461 |
| CVE-2025-27505 | GeoServer Missing Authorization on REST API Index |
| CVE-2025-2876 | MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User... |
| CVE-2025-28872 | WordPress Block Spam By Math Reloaded plugin <= 2.2.4 - Broken Access Control vulnerability |
| CVE-2025-28920 | WordPress Responsive Google Map plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-29756 | MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters |
| CVE-2025-28962 | WordPress Advanced Google Universal Analytics plugin <= 1.0.3 - Broken Access Control to Sensitive Data Exposure vulnerabilit... |
| CVE-2025-28965 | WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability |
| CVE-2025-28985 | WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-2807 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.64 - Missing Authorization to Authenticated (Subscriber+) Arbitra... |
| CVE-2025-2815 | Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-2816 | Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2025-2821 | Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification |
| CVE-2025-2832 | mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 cross-site request forgery |
| CVE-2025-30017 | Missing Authorization check in SAP Solution Manager |
| CVE-2025-3037 | yzk2356911358 StudentServlet-JSP cross-site request forgery |
| CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| CVE-2025-30543 | WordPress Menu Duplicator plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-3058 | Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-30581 | WordPress Top Bar <= 3.3 - Broken Access Control Vulnerability |
| CVE-2025-30591 | WordPress Music Press Pro <= 1.4.6 - Broken Access Control Vulnerability |
| CVE-2025-30592 | WordPress Advanced Dewplayer <= 1.6 - Broken Access Control Vulnerability |
| CVE-2025-28994 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-28995 | WordPress Viral Loops WP Integration <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-28996 | WordPress GPP Slideshow <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-28997 | WordPress WP AutoKeyword <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-30605 | WordPress sourceplay-navermap plugin <= 0.0.2 - Broken Access Control vulnerability |
| CVE-2025-30624 | WordPress WordLift <= 3.54.4 - Broken Access Control Vulnerability |
| CVE-2025-3063 | Shopper Approved Reviews 2.0 - 2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-30636 | WordPress Accessibility Suite <= 4.19 - Broken Access Control Vulnerability |
| CVE-2025-30639 | WordPress IDonatePro Plugin <= 2.1.9 - Broken Access Control Vulnerability |
| CVE-2025-30767 | WordPress PDF for WPForms plugin <= 5.3.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-30772 | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerabi... |
| CVE-2025-30790 | WordPress Chatbox Manager <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-30797 | WordPress Greek Multi Tool – Fix peralinks, accents, auto create menus and more plugin <= 2.3.1 - Broken Access Control Vulne... |
| CVE-2025-30803 | WordPress Just Writing Statistics plugin <= 5.3 - Broken Access Control vulnerability |
| CVE-2025-30809 | WordPress WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms plugin <= 4.8.4 - Settings Change vulnerabil... |
| CVE-2025-30817 | WordPress Z Companion plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-30821 | WordPress SNORDIAN's H5PxAPIkatchu plugin <= 0.4.14 - Broken Access Control vulnerability |
| CVE-2025-30824 | WordPress Textmetrics plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-29000 | WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability |
| CVE-2025-30825 | WordPress WPC Smart Linked Products plugin <= 1.3.5 - Privilege Escalation vulnerability |
| CVE-2025-30828 | WordPress Timetics plugin <= 1.0.29 - Broken Access Control vulnerability |
| CVE-2025-30830 | WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-30839 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-30851 | WordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerability |
| CVE-2025-30853 | WordPress ShortPixel Adaptive Images plugin <= 3.10.0 - Broken Authentication vulnerability |
| CVE-2025-30855 | WordPress Ads by WPQuads plugin <= 2.0.87.1 - Broken Access Control Vulnerability |
| CVE-2025-30861 | WordPress Five Star Restaurant Reservations plugin <= 2.6.29 - Broken Access Control vulnerability |
| CVE-2025-30864 | WordPress Exchange Rates plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-30866 | WordPress Terms & Conditions Per Product plugin <= 1.2.15 - Broken Access Control Vulnerability |
| CVE-2025-30874 | WordPress Specific Content For Mobile plugin <= 0.5.3 - Broken Access Control vulnerability |
| CVE-2025-30877 | WordPress Quiz Cat plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2025-30880 | WordPress JS Help Desk plugin <= 2.9.2 - Broken Access Control vulnerability |
| CVE-2025-30881 | WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-29001 | WordPress WooCommerce Shop Page Builder plugin <= 2.27.7 - Broken Access Control Vulnerability |
| CVE-2025-29006 | WordPress Direct Checkout for WooCommerce Lite <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-30883 | WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability |
| CVE-2025-30887 | WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability |
| CVE-2025-30894 | WordPress WP Fast Total Search plugin <= 1.79.262 - Broken Access Control vulnerability |
| CVE-2025-30896 | WordPress WP ERP plugin <= 1.13.4 - Broken Access Control vulnerability |
| CVE-2025-30897 | WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability |
| CVE-2025-30909 | WordPress Conversios.io plugin <= 7.2.3 - Broken Access Control vulnerability |
| CVE-2025-30915 | WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability |
| CVE-2025-30916 | WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability |
| CVE-2025-30926 | WordPress King Addons for Elementor plugin <= 24.12.58 - Broken Access Control Vulnerability |
| CVE-2025-30927 | WordPress Wordapp <= 1.7.0 - Broken Access Control Vulnerability |
| CVE-2025-30929 | WordPress fluXtore plugin <= 1.6.0 - Broken Access Control Vulnerability |
| CVE-2025-30932 | WordPress WP Compress for MainWP <= 6.30.32 - Broken Access Control Vulnerability |
| CVE-2025-30934 | WordPress 診断ジェネレータ作成プラグイン <= 1.4.16 - Broken Access Control Vulnerability |
| CVE-2025-30944 | WordPress Tablesome Table Premium <= 1.1.23 - Broken Access Control Vulnerability |
| CVE-2025-29007 | WordPress LMSACE Connect plugin <= 3.4 - Broken Access Control Vulnerability |
| CVE-2025-29010 | WordPress Behance Portfolio Manager <= 1.7.4 - Broken Access Control Vulnerability |
| CVE-2025-29012 | WordPress CF7 7 Mailchimp Add-on plugin <= 2.2 - Broken Access Control Vulnerability |
| CVE-2025-29013 | WordPress Custom Category/Post Type Post order <= 1.5.9 - Broken Access Control Vulnerability |
| CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update |
| CVE-2025-30945 | WordPress Taskbuilder <= 4.0.3 - Broken Access Control Vulnerability |
| CVE-2025-30957 | WordPress Activity Plus Reloaded for BuddyPress <= 1.1.2 - Broken Access Control Vulnerability |
| CVE-2025-30958 | WordPress onOffice for WP-Websites <= 5.7 - Broken Access Control Vulnerability |
| CVE-2025-30959 | WordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control Vulnerability |
| CVE-2025-30960 | WordPress FS Poster plugin <= 6.5.8 - Subscriber+ Site Wide Broken Access Control vulnerability |
| CVE-2025-30974 | WordPress Post Grid Master <= 3.4.13 - Broken Access Control Vulnerability |
| CVE-2025-30978 | WordPress Slack Notifications by dorzki <= 2.0.7 - Broken Access Control Vulnerability |
| CVE-2025-30990 | WordPress ThemeHunk <= 1.1.1 - Broken Access Control Vulnerability |
| CVE-2025-30993 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Broken Access Control Vulnerability |
| CVE-2025-31000 | WordPress Payment QR WooCommerce <= 1.1.6 - Broken Access Control Vulnerability |
| CVE-2025-31004 | WordPress Rich Table of Contents plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-31012 | WordPress Age Gate <= 3.5.4 - Broken Access Control Vulnerability |
| CVE-2025-31041 | WordPress AnyTrack Affiliate Link Manager <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-2933 | Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-31469 | WordPress Clear Sucuri Cache <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-31042 | WordPress Sandwich Adsense <= 4.0.2 - Broken Access Control Vulnerability |
| CVE-2025-31063 | WordPress Wishlist <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-31065 | WordPress Rozario <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-31066 | WordPress Acerola <= 1.6.5 - Broken Access Control Vulnerability |
| CVE-2025-31071 | WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-31171 | File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerabil... |
| CVE-2025-3124 | Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized access to private re... |
| CVE-2025-31338 | Wisdom Master Pro - Missing Authorization |
| CVE-2025-31376 | WordPress NanoSupport plugin <= 0.6.0 - Broken Access Control vulnerability |
| CVE-2025-31377 | WordPress Woo Product Feed For Marketing Channels <= 1.9.0 - Broken Access Control Vulnerability |
| CVE-2025-31381 | WordPress Booking Calendar and Notification plugin <= 4.0.3 - Broken Authentication vulnerability |
| CVE-2025-31386 | WordPress Simple:Press plugin <= 6.10.11 - Broken Access Control vulnerability |
| CVE-2025-31406 | WordPress ELEX WooCommerce Request a Quote plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-3150 | itning Student Homework Management System cross-site request forgery |
| CVE-2025-31408 | WordPress Zoho Flow plugin <= 2.13.3 - Broken Access Control vulnerability |
| CVE-2025-31415 | WordPress YayExtra <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-31417 | WordPress WP Docs plugin < 2.2.7 - Broken Access Control vulnerability |
| CVE-2025-31425 | WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31541 | WordPress TuriTop Booking System plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-31544 | WordPress Swiss Toolkit For WP plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2025-31545 | WordPress Safe Ai Malware Protection for WP plugin <= 1.0.20 - Broken Access Control vulnerability |
| CVE-2025-31546 | WordPress Swiss Toolkit For WP plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2025-31555 | WordPress ContentMX Content Publisher plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-31576 | WordPress PostmarkApp Email Integrator plugin <= 2.4 - Broken Access Control vulnerability |
| CVE-2025-31580 | WordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerability |
| CVE-2025-31581 | WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability |
| CVE-2025-31525 | WordPress WP Mobile Bottom Menu plugin <= 1.2.9 - Broken Access Control vulnerability |
| CVE-2025-31528 | WordPress StaticPress plugin <= 0.4.5 - Broken Access Control vulnerability |
| CVE-2025-31529 | WordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2025-31530 | WordPress Google SEO Pressor Snippet plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2025-31533 | WordPress Salesmate Add-On for Gravity Forms plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-31539 | WordPress Cryptocurrency Widgets Pack plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-31540 | WordPress ACME Divi Modules plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2025-31780 | WordPress Append Content plugin <= 2.1.1 - CSRF to Settings Change vulnerability |
| CVE-2025-31781 | WordPress Gift Cards for WooCommerce plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2025-31782 | WordPress mb.YTPlayer plugin <= 3.3.8 - Broken Access Control vulnerability |
| CVE-2025-31786 | WordPress Simple Icons plugin <= 2.8.4 - Broken Access Control vulnerability |
| CVE-2025-31787 | WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability |
| CVE-2025-31789 | WordPress TextMe SMS plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-31791 | WordPress Pin Generator Plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-31794 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31795 | WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability |
| CVE-2025-31798 | WordPress Publitio Plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-31799 | WordPress Publitio plugin <= 2.1.8 - Broken Access Control vulnerability |
| CVE-2025-31802 | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability |
| CVE-2025-31810 | WordPress Question Answer Plugin <= 1.2.70 - Broken Access Control vulnerability |
| CVE-2025-31816 | WordPress Mobile App Canvas Plugin <= 3.8.1 - Broken Access Control vulnerability |
| CVE-2025-31820 | WordPress Automatic Featured Images from Videos plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-31822 | WordPress WordPress Simple HTML Sitemap plugin <= 3.2 - Broken Access Control vulnerability |
| CVE-2025-31826 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability |
| CVE-2025-31830 | WordPress Printus Plugin <= 1.2.6 - Broken Access Control vulnerability |
| CVE-2025-31831 | WordPress AtomChat plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-31834 | WordPress JobBoard Job listing plugin Plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2025-31836 | WordPress Review Manager Plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-31841 | WordPress FPW Category Thumbnails Plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2025-31843 | WordPress OpenAI Tools for WordPress & WooCommerce plugin <= 2.1.5 - Broken Access Control vulnerability |
| CVE-2025-31846 | WordPress Theater for WordPress plugin <= 0.18.7 - Broken Access Control vulnerability |
| CVE-2025-31848 | WordPress WordPress Adverts Plugin plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-31854 | WordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2025-31856 | WordPress Export All Post Meta Plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-31858 | WordPress Local Magic Plugin <= 2.6.0 - Broken Access Control vulnerability |
| CVE-2025-31862 | WordPress Job Board Manager Plugin <= 2.1.60 - Broken Access Control vulnerability |
| CVE-2025-31863 | WordPress Agency Toolkit plugin <= 1.0.23 - Broken Access Control vulnerability |
| CVE-2025-31865 | WordPress CartBoss plugin <= 4.1.2 - Broken Access Control vulnerability |
| CVE-2025-31866 | WordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerability |
| CVE-2025-31868 | WordPress JS Job Manager plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-31870 | WordPress WP AutoKeyword plugin <= 1.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31872 | WordPress WP Clone any post type Plugin <= 3.4 - Broken Access Control vulnerability |
| CVE-2025-31876 | WordPress Payday plugin <= 3.3.12 - Broken Access Control vulnerability |
| CVE-2025-31877 | WordPress RestroPress plugin <= 3.1.8.4 - Broken Access Control vulnerability |
| CVE-2025-31878 | WordPress UPC/EAN/GTIN Code Generator plugin <= 2.0.2 - Settings Change vulnerability |
| CVE-2025-31879 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Settings Change vulnerability |
| CVE-2025-31881 | WordPress Pearl plugin <= 1.3.9 - Broken Access Control vulnerability |
| CVE-2025-31882 | WordPress WordPress Webinar Plugin <= 1.33.27 - Broken Access Control vulnerability |
| CVE-2025-31886 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.21 - Broken Access Control vulnerability |
| CVE-2025-31887 | WordPress MyBookProgress plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-31896 | WordPress GetBookingsWP Plugin <= 1.1.27 - Broken Access Control vulnerability |
| CVE-2025-31909 | WordPress Apptivo Business Site CRM plugin <= 5.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31923 | WordPress CSS3 Accordions for WordPress <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-32045 | Moodle: hidden grades shown to users without permission on some grade reports |
| CVE-2025-32147 | WordPress Easy WP Optimizer Plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-32178 | WordPress 6Storage Rentals Plugin <= 2.18.0 - Broken Access Control vulnerability |
| CVE-2025-32180 | WordPress CSS3 Tooltips for WordPress <= 1.8 - Broken Access Control Vulnerability |
| CVE-2025-32201 | WordPress Xpro Theme Builder Plugin <= 1.2.8.3 - Broken Access Control vulnerability |
| CVE-2025-32208 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32210 | WordPress CM Registration and Invitation Codes plugin <= 2.5.2 - Broken Access Control vulnerability |
| CVE-2025-32212 | WordPress Specia Companion plugin <= 4.6 - Broken Access Control vulnerability |
| CVE-2025-32213 | WordPress Flo Forms plugin <= 1.0.43 - Broken Access Control vulnerability |
| CVE-2025-32216 | WordPress Spider Elements – Addons for Elementor plugin <= 1.6.2 - Broken Access Control vulnerability |
| CVE-2025-32217 | WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-32218 | WordPress TableOn – WordPress Posts Table Filterable Plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-32219 | WordPress eaSYNC plugin <= 1.3.19 - Broken Access Control vulnerability |
| CVE-2025-32220 | WordPress Salon Booking System plugin <= 10.10.7 - Broken Access Control vulnerability |
| CVE-2025-32221 | WordPress EazyDocs plugin <= 2.6.4 - Broken Access Control vulnerability |
| CVE-2025-32224 | WordPress Privyr CRM plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-32225 | WordPress WP Event Manager plugin <= 3.1.47 - Broken Access Control vulnerability |
| CVE-2025-32226 | WordPress Display product variations dropdown on shop page plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-32229 | WordPress Variable Inspector plugin <= 2.6.3 - Broken Access Control vulnerability |
| CVE-2025-32231 | WordPress Bookingor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-32232 | WordPress StaffList plugin <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-32233 | WordPress Revive.so <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-32234 | WordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerability |
| CVE-2025-32235 | WordPress MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin <= 5.9.4 - Broken Access Control vulnerabi... |
| CVE-2025-32236 | WordPress Woocommerce Products Reorder Drag Drop Multiple Sort plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2025-32237 | WordPress MasterStudy LMS plugin <= 3.5.23 - Broken Access Control vulnerability |
| CVE-2025-32239 | WordPress Social Share Buttons & Analytics Plugin plugin <= 4.5 - Broken Access Control vulnerability |
| CVE-2025-32240 | WordPress Site Notify <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-32242 | WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-32243 | WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability |
| CVE-2025-32244 | WordPress SEO Help plugin <= 6.6.1 - Broken Access Control vulnerability |
| CVE-2025-32246 | WordPress 1-Click Backup & Restore Database <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-32252 | WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability |
| CVE-2025-32253 | WordPress Course Booking System Plugin <= 6.0.5 - Broken Access Control vulnerability |
| CVE-2025-32254 | WordPress WPBookit plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-32256 | WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability |
| CVE-2025-32258 | WordPress Simple Website Logo plugin <= 1.1 - Broken Access Control vulnerability |
| CVE-2025-32259 | WordPress WP ULike plugin <= 4.7.9.1 - Content Spoofing Vulnerability |
| CVE-2025-32260 | WordPress DethemeKit For Elementor plugin <= 2.1.10 - Broken Access Control vulnerability |
| CVE-2025-32277 | WordPress RepairBuddy plugin <= 3.8211 - Broken Access Control vulnerability |
| CVE-2025-32279 | WordPress Live Forms plugin <= 4.8.5 - Broken Access Control vulnerability |
| CVE-2025-32281 | WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-32295 | WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability |
| CVE-2025-32296 | WordPress Simple Link Directory Pro plugin <= 14.7.3 - Broken Access Control Vulnerability |
| CVE-2025-32308 | WordPress Team Builder <= 1.5.7 - Broken Access Control Vulnerability |
| CVE-2025-32542 | WordPress Eazy Plugin Manager plugin <= 4.3.0 - Broken Access Control vulnerability |
| CVE-2025-32544 | WordPress WooCommerce Loyal Customers plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-3257 | xujiangfei admintwo updateSet cross-site request forgery |
| CVE-2025-32593 | WordPress Add Product Frontend for WooCommerce plugin <= 1.0.6 - Arbitrary Content Deletion vulnerability |
| CVE-2025-32620 | WordPress Doppler Forms plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2025-32624 | WordPress Czater.pl – live chat i telefon plugin <= 1.0.5 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2025-32684 | WordPress MapSVG Lite plugin <= 8.5.32 - Broken Access Control Vulnerability |
| CVE-2025-32688 | WordPress Target Video Easy Publish plugin <= 3.8.8 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-32929 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability |
| CVE-2025-32973 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right |
| CVE-2025-33182 | NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corr... |
| CVE-2025-33185 | NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successfu... |
| CVE-2025-3417 | Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-3437 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.66 - Missing Authorization to Authenticated (Subscriber+) Wizard... |
| CVE-2025-3452 | SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation |
| CVE-2025-3527 | EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cros... |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery |
| CVE-2025-3561 | ghostxbh uzy-ssm-mall cross-site request forgery |
| CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover |
| CVE-2025-3624 | Missing Authorization Vulnerability in Hitachi Ops Center Analyzer |
| CVE-2025-36361 | IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA |
| CVE-2025-36367 | IBM i is affected by a privilege escalation in IBM i SQL services |
| CVE-2025-36756 | Device Takeover vulnerability in SolaX Cloud |
| CVE-2025-3687 | misstt123 oasys Sticky Notes cross-site request forgery |
| CVE-2025-3701 | WordPress Malcure Malware Scanner plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-3702 | WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-3746 | OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation |
| CVE-2025-3766 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting |
| CVE-2025-3780 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 - Missing Authorizatio... |
| CVE-2025-3808 | zhenfeng13 My-BBS cross-site request forgery |
| CVE-2025-3843 | panhainan DS-Java cross-site request forgery |
| CVE-2025-3863 | Post Carousel Slider for Elementor <= 1.6.0 - Authenticated (Subscriber+) Missing Authorization via process_wbelps_promo_form... |
| CVE-2025-3871 | Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier |
| CVE-2025-3876 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCrea... |
| CVE-2025-3906 | Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalatio... |
| CVE-2025-3912 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive... |
| CVE-2025-3915 | Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion |
| CVE-2025-39350 | WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability |
| CVE-2025-39352 | WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability |
| CVE-2025-39353 | WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability |
| CVE-2025-39362 | WordPress Mollie Payments for WooCommerce plugin <= 8.0.2 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-39367 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability |
| CVE-2025-39368 | WordPress Rootspersona plugin <= 3.7.5 - Broken Access Control vulnerability |
| CVE-2025-39373 | WordPress JNews theme <= 11.6.5 - Broken Access Control vulnerability |
| CVE-2025-39376 | WordPress Car Park Booking System for WordPress plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-39385 | WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-39388 | WordPress AnalyticsWP plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-39390 | WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-39398 | WordPress Hotel + Bed and Breakfast Booking Calendar Theme \| Bellevue theme <= 4.2.2 - Broken Access Control vulnerability |
| CVE-2025-39412 | WordPress Master Slider plugin <= 3.10.8 - Broken Access Control vulnerability |
| CVE-2025-39413 | WordPress Simple Sitemap – Create a Responsive HTML Sitemap plugin <= 3.5.14 - Broken Access Control vulnerability |
| CVE-2025-39447 | WordPress JetElements For Elementor <= 2.7.4.1 - Broken Access Control Vulnerability |
| CVE-2025-39449 | WordPress JetWooBuilder <= 2.1.18 - Broken Access Control Vulnerability |
| CVE-2025-39451 | WordPress JetBlocks For Elementor <= 1.3.16 - Broken Access Control Vulnerability |
| CVE-2025-39454 | WordPress Name Directory plugin <= 1.30.0 - Broken Access Control vulnerability |
| CVE-2025-39456 | WordPress WP Logger plugin <= 2.2 - Broken Access Control vulnerability |
| CVE-2025-39457 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability |
| CVE-2025-39460 | WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability |
| CVE-2025-39465 | WordPress Advanced Google Maps plugin <= 5.8.4 - Broken Access Control vulnerability |
| CVE-2025-39482 | WordPress Eventer - WordPress Event & Booking Manager Plugin plugin <= 3.9.6 - Broken Access Control vulnerability |
| CVE-2025-3949 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Au... |
| CVE-2025-39493 | WordPress Rankie <= 1.8.0 - Broken Access Control Vulnerability |
| CVE-2025-39511 | WordPress Pinterest Automatic Pin <= 4.18.2 - Broken Access Control Vulnerability |
| CVE-2025-39513 | WordPress ActiveDEMAND <= 0.2.46 - Broken Access Control Vulnerability |
| CVE-2025-3952 | Projectopia – WordPress Project Management <= 5.1.16 - Missing Authorization to Authenticated (Subscriber+) Arbitrary O... |
| CVE-2025-39522 | WordPress Dynamic Post <= 4.10 - Settings Change Vulnerability |
| CVE-2025-3953 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subsc... |
| CVE-2025-39531 | WordPress Slazzer Background Changer <= 3.14 - Broken Access Control Vulnerability |
| CVE-2025-39532 | WordPress Spice Blocks <= 2.0.7.1 - Broken Access Control Vulnerability |
| CVE-2025-39533 | WordPress Starfish Review Generation & Marketing plugin <= 3.1.14 - Arbitrary Option Update to Privilege Escalation vulnerabi... |
| CVE-2025-39536 | WordPress JobHunt Job Alerts <= 3.6 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-39541 | WordPress WP Simple Booking Calendar plugin <= 2.0.13 - Broken Access Control vulnerability |
| CVE-2025-39545 | WordPress WordPress REST API Authentication <= 3.6.3 - Settings Change Vulnerability |
| CVE-2025-39552 | WordPress Zephyr Project Manager <= 3.3.200 - Broken Access Control Vulnerability |
| CVE-2025-39553 | WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-39554 | WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-39559 | WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability |
| CVE-2025-39560 | WordPress Live Forms plugin <= 4.8.4 - Broken Access Control vulnerability |
| CVE-2025-39571 | WordPress WowStore <= 4.2.4 - Broken Access Control Vulnerability |
| CVE-2025-39580 | WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability |
| CVE-2025-39583 | WordPress BERTHA AI <= 1.12.10.2 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-3959 | withstars Books-Management-System reader_delete.html cross-site request forgery |
| CVE-2025-39591 | WordPress WP Subscription Forms <= 1.2.3 - Broken Access Control Vulnerability |
| CVE-2025-3960 | withstars Books-Management-System Background Interface allreaders.html authorization |
| CVE-2025-39602 | WordPress WooCommerce Product Table Lite plugin <= 3.9.5 - Broken Access Control vulnerability |
| CVE-2025-3963 | withstars Books-Management-System Background Interface list authorization |
| CVE-2025-3964 | withstars Books-Management-System Article del cross-site request forgery |
| CVE-2025-3979 | dazhouda lecms Password Change index.php cross-site request forgery |
| CVE-2025-3997 | dazhouda lecms Personal Information Page index.php cross-site request forgery |
| CVE-2025-4046 | Missing Authorization in Lexmark Cloud Services badge management |
| CVE-2025-4047 | Broken Link Checker <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Status Dashboard View |
| CVE-2025-40667 | Missing authorization vulnerability in TCMAN GIM v11 |
| CVE-2025-40673 | Missing Authorization in DinoRANK |
| CVE-2025-40837 | Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability |
| CVE-2025-4095 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile |
| CVE-2025-4105 | Splitit <= 4.2.8 - Missing Authorization to Multiple Administrative Actions |
| CVE-2025-41111 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41112 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41113 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41114 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41335 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41336 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41337 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41338 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41339 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41340 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41341 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41342 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41343 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41344 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41345 | Missing Authorization vulnerability in CanalDenuncia.app |
| CVE-2025-41410 | Slack import bypasses email verification for team access controls |
| CVE-2025-41443 | Guest user can discover active public channels |
| CVE-2025-41698 | Draeger: ICMHelper is vulnerable to a privilege escalation due to missing authorization |
| CVE-2025-4177 | Flynax Bridge <= 2.2.0 - Unauthenticated Arbitrary User Deletion |
| CVE-2025-4179 | Flynax Bridge <= 2.2.0 - Unauthenticated Limited Privilege Escalation |
| CVE-2025-4282 | SourceCodester/oretnom23 Stock Management System Users.php cross-site request forgery |
| CVE-2025-42882 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42899 | Missing Authorization check in SAP S4CORE (Manage Journal Entries) |
| CVE-2025-42911 | Missing Authorization check in SAP NetWeaver (Service Data Download) |
| CVE-2025-42912 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42913 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42914 | Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application) |
| CVE-2025-42915 | Missing Authorization Check in Fiori app (Manage Payment Blocks) |
| CVE-2025-42917 | Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application) |
| CVE-2025-42918 | Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing) |
| CVE-2025-42949 | Missing Authorization check in ABAP Platform |
| CVE-2025-42952 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-42953 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42955 | Missing authorization check in SAP Cloud Connector |
| CVE-2025-42960 | Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools |
| CVE-2025-42961 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42968 | Missing Authorization check in SAP NetWeaver (RFC enabled function module) |
| CVE-2025-42974 | Missing Authorization Check in SAP NetWeaver and ABAP Platform (SDCCN) |
| CVE-2025-42982 | Information Disclosure in SAP GRC (AC Plugin) |
| CVE-2025-42983 | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-42984 | Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application) |
| CVE-2025-42986 | Missing Authorization check in SAP NetWeaver and ABAP Platform |
| CVE-2025-42987 | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement) |
| CVE-2025-42989 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42991 | Missing Authorization check in SAP S/4HANA (Bank Account Application) |
| CVE-2025-42993 | Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement) |
| CVE-2025-43000 | Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW) |
| CVE-2025-43004 | Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard) |
| CVE-2025-43007 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43008 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal |
| CVE-2025-43009 | Missing Authorization check in SAP Service Parts Management (SPM) |
| CVE-2025-43011 | Missing Authorization Check in SAP Landscape Transformation (PCL Basis) |
| CVE-2025-4327 | MRCMS cross-site request forgery |
| CVE-2025-4339 | TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update |
| CVE-2025-4370 | Brizy <= 2.6.20 - Missing Authorization to Unauthenticated Limited File Upload |
| CVE-2025-43773 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7... |
| CVE-2025-43788 | The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 upd... |
| CVE-2025-43805 | Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and... |
| CVE-2025-43838 | WordPress Custom PC Builder Lite for WooCommerce <= 1.0.1 - Settings Change Vulnerability |
| CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration |
| CVE-2025-44001 | Unauthorized Channel Subscription Read in Mattermost Confluence Plugin |
| CVE-2025-4430 | Unauthorized file manipulation in EZD RP |
| CVE-2025-4477 | TeamT5 ThreatSonar Anti-Ransomware - Privilege Escalation |
| CVE-2025-4520 | Uncanny Automator <= 6.4.0.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update |
| CVE-2025-4522 | IDonate 2.0.0 - 2.1.9 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion via admin_pos... |
| CVE-2025-4571 | GiveWP – Donation Plugin and Fundraising Platform <= 4.3.0 - Missing Authorization To Authenticated (Contributor+) Campaign D... |
| CVE-2025-31584 | WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31596 | WordPress Chat by Chatwee plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-31603 | WordPress CF7 Spreadsheets plugin <= 2.3.2 - Settings Change vulnerability |
| CVE-2025-31606 | WordPress SP Blog Designer plugin <= 1.0.0 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-31609 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-31611 | WordPress Auto Post After Image Upload plugin <= 1.6 - Broken Access Control vulnerability |
| CVE-2025-31618 | WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-31628 | WordPress Sliced Invoices plugin <= 3.9.4 - Broken Access Control vulnerability |
| CVE-2025-31630 | WordPress The Business <= 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-31678 | AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004 |
| CVE-2025-31681 | Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 |
| CVE-2025-31685 | Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014 |
| CVE-2025-31686 | Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015 |
| CVE-2025-31691 | OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020 |
| CVE-2025-31729 | WordPress WooTumblog plugin <= 2.1.4 - Content Injection vulnerability |
| CVE-2025-31732 | WordPress GB Gallery Slideshow plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-31736 | WordPress Rich Text Editor Plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31739 | WordPress Minimalistic Event Manager plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-31746 | WordPress Clients plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-31752 | WordPress Bulk Fields Editor plugin <= 1.8.0 - Broken Access Control vulnerability |
| CVE-2025-31755 | WordPress pCloud Backup plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-31757 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability |
| CVE-2025-31758 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability |
| CVE-2025-31765 | WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-31768 | WordPress Widget Manager Light plugin <= 1.18 - Broken Access Control vulnerability |
| CVE-2025-31773 | WordPress Ship Per Product plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-31774 | WordPress Astra Security Suite plugin <= 0.2 - Broken Access Control vulnerability |
| CVE-2025-31777 | WordPress Clockinator Lite plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-49268 | WordPress Verge3D <= 4.9.4 - Broken Access Control Vulnerability |
| CVE-2025-49270 | WordPress WP-CRM System <= 3.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49272 | WordPress Trinity Audio <= 5.20.0 - Broken Access Control Vulnerability |
| CVE-2025-49287 | WordPress Product Feed for WooCommerce <= 2.2.8 - Broken Access Control Vulnerability |
| CVE-2025-49288 | WordPress Ultimate WP Mail <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-49289 | WordPress PDF for WPForms <= 5.5.0 - Broken Access Control Vulnerability |
| CVE-2025-49293 | WordPress Crawlomatic Multisite Scraper Post Generator <= 2.6.8.2 - Broken Access Control Vulnerability |
| CVE-2025-49319 | WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability |
| CVE-2025-49320 | WordPress FraudLabs Pro for WooCommerce <= 2.22.11 - Broken Access Control Vulnerability |
| CVE-2025-49324 | WordPress Job Board Manager <= 2.1.60 - Broken Access Control Vulnerability |
| CVE-2025-49348 | WordPress Hype plugin <= 1.0.5 - Broken Access Control vulnerability |
| CVE-2025-49350 | WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-49376 | WordPress DELUCKS SEO plugin <= 2.5.9 - Broken Access Control vulnerability |
| CVE-2025-49377 | WordPress Hydra Booking plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2025-49394 | WordPress Image Gallery block – Create and display photo gallery/photo album. plugin <= 1.0.7 - Broken Authentication vulnera... |
| CVE-2025-49396 | WordPress Themify Builder Plugin <= 7.6.7 - Broken Access Control Vulnerability |
| CVE-2025-49402 | WordPress Houzez CRM Plugin <= 1.4.7 - Broken Access Control Vulnerability |
| CVE-2025-49406 | WordPress Houzez Theme <= 4.1.1 - Broken Access Control Vulnerability |
| CVE-2025-49431 | WordPress MF Plus WPML <= 1.1 - Settings Change Vulnerability |
| CVE-2025-49432 | WordPress Ultimate Video Player Plugin <= 10.1 - Broken Access Control Vulnerability |
| CVE-2025-49441 | WordPress Interactive Regional Map of Florida <= 1.0 - Broken Access Control Vulnerability |
| CVE-2025-49459 | Zoom Workplace for Windows on ARM - Missing Authorization |
| CVE-2025-49509 | WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2025-49651 | Missing Authorization for Interactive Sessions |
| CVE-2025-49723 | Windows StateRepository API Server file Tampering Vulnerability |
| CVE-2025-49747 | Azure Machine Learning Elevation of Privilege Vulnerability |
| CVE-2025-49829 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations |
| CVE-2025-49857 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49860 | WordPress Majestic Support plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-49864 | WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability |
| CVE-2025-46348 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download |
| CVE-2025-46470 | WordPress Smart Hashtags [#hashtagger] <= 7.2.3 - Broken Access Control Vulnerability |
| CVE-2025-46485 | WordPress WP Customize Login Page <= 1.6.5 - Broken Access Control Vulnerability |
| CVE-2025-46488 | WordPress Visual Builder plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-46489 | WordPress Bulk Assign Linked Products For WooCommerce <= 2.1 - Broken Access Control Vulnerability |
| CVE-2025-46519 | WordPress Media Library Downloader <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2025-46554 | XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API |
| CVE-2025-46557 | Any user with view access to the XWiki space can change the authenticator |
| CVE-2025-46586 | Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect avai... |
| CVE-2025-46745 | Improper Privilege Management |
| CVE-2025-46811 | SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint |
| CVE-2025-46823 | OpenMRS has Vulnerability in FHIR2 Module Privileges |
| CVE-2025-4683 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) P... |
| CVE-2025-47450 | WordPress Simple File List <= 6.1.13 - Settings Change Vulnerability |
| CVE-2025-47457 | WordPress LocateAndFilter <= 1.6.16 - Broken Access Control Vulnerability |
| CVE-2025-47463 | WordPress Stock Locations for WooCommerce <= 2.8.6 - Broken Access Control Vulnerability |
| CVE-2025-47465 | WordPress Blocksy <= 2.0.97 - Broken Access Control Vulnerability |
| CVE-2025-47467 | WordPress GS Testimonial Slider <= 3.3.0 - Broken Access Control Vulnerability |
| CVE-2025-47469 | WordPress Media Hygiene <= 4.0.0 - Broken Access Control Vulnerability |
| CVE-2025-47471 | WordPress Envo Extra <= 1.9.9 - Broken Access Control Vulnerability |
| CVE-2025-47472 | WordPress Music Player for WooCommerce <= 1.5.1 - Broken Access Control Vulnerability |
| CVE-2025-47480 | WordPress Graphina <= 3.0.4 - Broken Access Control Vulnerability |
| CVE-2025-47485 | WordPress Cozy Blocks <= 2.1.22 - Broken Access Control Vulnerability |
| CVE-2025-47486 | WordPress Gutenberg & Elementor Templates Importer For Responsive <= 3.1.9 - Broken Access Control Vulnerability |
| CVE-2025-47526 | WordPress GS Variation Swatches for WooCommerce <= 3.0.4 - Broken Access Control Vulnerability |
| CVE-2025-47527 | WordPress Icegram Collect – Easy Form, Lead Collection and Subscription plugin <= 1.3.18 - Broken Access Control Vulnerabilit... |
| CVE-2025-47528 | WordPress Ovation Elements <= 1.1.2 - Broken Access Control Vulnerability |
| CVE-2025-47529 | WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability |
| CVE-2025-47534 | WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability |
| CVE-2025-47556 | WordPress CSS3 Compare Pricing Tables for WordPress <= 11.5 - Broken Access Control Vulnerability |
| CVE-2025-47558 | WordPress MapSVG plugin < 8.6.13 - Broken Access Control vulnerability |
| CVE-2025-47560 | WordPress MapSVG plugin < 8.6.13 - Broken Access Control Vulnerability |
| CVE-2025-47563 | WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-47564 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2025-47565 | WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2025-47580 | WordPress Front End Users plugin <= 3.2.32 - Sensitive Data Exposure vulnerability |
| CVE-2025-47585 | WordPress Booking and Rental Manager <= 2.3.8 - Broken Access Control Vulnerability |
| CVE-2025-47591 | WordPress Bulk Featured Image <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-47601 | WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-47602 | WordPress Calculate Prices based on Distance For WooCommerce <= 1.3.5 - Broken Access Control Vulnerability |
| CVE-2025-47612 | WordPress ClickWhale <= 2.4.6 - Broken Access Control Vulnerability |
| CVE-2025-47619 | WordPress 6Storage Rentals <= 2.19.4 - Broken Access Control Vulnerability |
| CVE-2025-47628 | WordPress QS Dark Mode <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-47634 | WordPress WC Pickup Store <= 1.8.9 - Settings Change Vulnerability |
| CVE-2025-47688 | WordPress Advanced File Manager plugin <= 5.3.1 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-47690 | WordPress Lead Form Data Collection to CRM plugin <= 3.1 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-47692 | WordPress ContentStudio <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-47709 | Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 |
| CVE-2025-47942 | Learners on edX Platform can download python_lib.zip |
| CVE-2025-48009 | Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 |
| CVE-2025-48013 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 |
| CVE-2025-22671 | WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-22673 | WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability |
| CVE-2025-22677 | WordPress Uix Shortcodes plugin <= 2.0.3 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-22681 | WordPress Content Cloner plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-22686 | WordPress CF7 Google Sheets Connector plugin <= 5.0.17 - Broken Access Control vulnerability |
| CVE-2025-22694 | WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability |
| CVE-2025-22696 | WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulner... |
| CVE-2025-22698 | WordPress Accessibility Suite by Ability, Inc plugin <= 4.16 - Multiple Broken Access Control vulnerability |
| CVE-2025-22702 | WordPress Photography theme <= 7.5.2 - Broken Access Control vulnerability |
| CVE-2025-22717 | WordPress My Tickets plugin <= 2.0.9 - Broken Access Control vulnerability |
| CVE-2025-22720 | WordPress WpRently \| WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability |
| CVE-2025-22721 | WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability |
| CVE-2025-22722 | WordPress Widget Options plugin <= 4.0.8 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-22729 | WordPress VOD Infomaniak plugin <= 1.5.9 - Broken Access Control vulnerability |
| CVE-2025-22730 | WordPress Ksher plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2025-22737 | WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-48155 | WordPress Residential Address Detection plugin <= 2.5.9 - Broken Access Control Vulnerability |
| CVE-2025-48166 | WordPress Stop and Block bots plugin Anti bots <= 1.48 - Broken Access Control Vulnerability |
| CVE-2025-48167 | WordPress Chatbox Manager plugin <= 1.2.5 - Broken Access Control Vulnerability |
| CVE-2025-48242 | WordPress Legal Pages <= 1.4.5 - Broken Access Control Vulnerability |
| CVE-2025-48246 | WordPress The Events Calendar <= 6.11.2.1 - Broken Access Control Vulnerability |
| CVE-2025-48247 | WordPress Shortlinks by Pretty Links <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-48257 | WordPress Projectopia <= 5.1.17 - Broken Access Control Vulnerability |
| CVE-2025-48260 | WordPress GDPR CCPA Compliance Support <= 2.7.3 - Broken Access Control Vulnerability |
| CVE-2025-48262 | WordPress Url Rewrite Analyzer <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-48268 | WordPress Bot for Telegram on WooCommerce <= 1.2.6 - Broken Access Control Vulnerability |
| CVE-2025-48271 | WordPress Leadinfo <= 1.1 - Settings Change Vulnerability |
| CVE-2025-48272 | WordPress WP Job Portal <= 2.3.2 - Insecure Direct Object References (IDOR) Vulnerability |
| CVE-2025-48275 | WordPress Visual Header <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-48282 | WordPress Majestic Support <= 1.1.0 - Broken Access Control Vulnerability |
| CVE-2025-48326 | WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability |
| CVE-2025-48327 | WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-48334 | WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-48335 | WordPress Responsive Plus plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-48337 | WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-48339 | WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-48346 | WordPress Embed and Integrate Etsy Shop <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-48350 | WordPress AutoWP plugin <= 2.2.2 - Broken Access Control vulnerability |
| CVE-2025-48444 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 |
| CVE-2025-48731 | Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-48784 | Soar Cloud HRD Human Resource Management System - Missing Authorization |
| CVE-2025-4887 | SourceCodester Online Student Clearance System cross-site request forgery |
| CVE-2025-48878 | Combodo iTop vulnerable to IDOR with ModuleInstallation object |
| CVE-2025-48916 | Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 |
| CVE-2025-48998 | Dataease MYSQL JDBC File Reading Vulnerability |
| CVE-2025-49052 | WordPress Netease Music plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-49181 | Configurations endpoint does not require authorization |
| CVE-2025-49221 | Unauthenticated Access to Channel Subscription in Mattermost Confluence Plugin |
| CVE-2025-49234 | WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability |
| CVE-2025-49236 | WordPress Raychat <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-49240 | WordPress DocsPress <= 2.5.2 - Broken Access Control Vulnerability |
| CVE-2025-49241 | WordPress oik <= 4.15.1 - Broken Access Control Vulnerability |
| CVE-2025-49246 | WordPress Testimonials Showcase <= 1.9.16 - Broken Access Control Vulnerability |
| CVE-2025-49248 | WordPress Team Showcase < 25.05.13 - Broken Access Control Vulnerability |
| CVE-2025-49872 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49874 | WordPress Arconix FAQ plugin <= 1.9.6 - Broken Access Control Vulnerability |
| CVE-2025-49880 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-49884 | WordPress Internal Linking of Related Contents plugin <= 1.1.8 - Broken Access Control Vulnerability |
| CVE-2025-49888 | WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability |
| CVE-2025-49899 | WordPress Whydonate plugin <= 4.0.15 - Broken Access Control vulnerability |
| CVE-2025-49903 | WordPress ZoloBlocks plugin <= 2.3.11 - Broken Access Control vulnerability |
| CVE-2025-49906 | WordPress WPComplete plugin <= 2.9.5.3 - Broken Access Control vulnerability |
| CVE-2025-49907 | WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability |
| CVE-2025-49910 | WordPress WPGuppy plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-49913 | WordPress CoSchedule plugin <= 3.4.0 - Broken Access Control vulnerability |
| CVE-2025-49916 | WordPress MultiVendorX plugin <= 4.2.23 - Broken Access Control vulnerability |
| CVE-2025-49920 | WordPress Web Accessibility By accessiBe plugin <= 2.10 - Broken Access Control vulnerability |
| CVE-2025-49922 | WordPress WPeMatico RSS Feed Fetcher plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2025-49925 | WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability |
| CVE-2025-49937 | WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2025-49949 | WordPress Templazee plugin <= 1.0.2 - Broken Access Control Vulnerability |
| CVE-2025-49950 | WordPress Official Integration for Billingo Plugin <= 4.2.5 - Privilege Escalation Vulnerability |
| CVE-2025-49961 | WordPress Breeze Checkout plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-49969 | WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability |
| CVE-2025-49970 | WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-49971 | WordPress eDS Responsive Menu plugin <= 1.2 - Broken Access Control Vulnerability |
| CVE-2025-49973 | WordPress Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes plugin <= 1.0.9 - Broken Access Control Vuln... |
| CVE-2025-49974 | WordPress UpStream: a Project Management Plugin for WordPress plugin <= 2.1.0 - Broken Access Control Vulnerability |
| CVE-2025-49976 | WordPress WANotifier plugin <= 2.7.7 - Broken Access Control Vulnerability |
| CVE-2025-49979 | WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control Vulnerability |
| CVE-2025-49980 | WordPress WP User Profile Avatar plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-49981 | WordPress User Roles and Capabilities plugin <= 1.2.6 - Broken Access Control Vulnerability |
| CVE-2025-49982 | WordPress WP Customer Area plugin <= 8.2.5 - Broken Access Control Vulnerability |
| CVE-2025-49986 | WordPress Video List Manager plugin <= 1.7 - Broken Access Control Vulnerability |
| CVE-2025-49987 | WordPress CRM ERP Business Solution plugin <= 1.13 - Broken Access Control Vulnerability |
| CVE-2025-49988 | WordPress Contact Form 7 AWeber Extension plugin <= 0.1.38 - Broken Access Control Vulnerability |
| CVE-2025-49989 | WordPress App Builder plugin <= 5.5.3 - Broken Access Control Vulnerability |
| CVE-2025-49990 | WordPress ContentStudio plugin <= 1.3.4 - Broken Access Control Vulnerability |
| CVE-2025-49991 | WordPress WP-Recall plugin <= 16.26.14 - Broken Access Control Vulnerability |
| CVE-2025-49993 | WordPress Cookie-Script.com plugin <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-49996 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Broken Access Control Vulnerability |
| CVE-2025-49997 | WordPress Giveaways and Contests by RafflePress plugin <= 1.12.17 - Broken Access Control Vulnerability |
| CVE-2025-49998 | WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability |
| CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5... |
| CVE-2025-50009 | WordPress Kata Plus plugin <= 1.5.3 - Broken Access Control Vulnerability |
| CVE-2025-50010 | WordPress Zapier for WordPress plugin <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-49265 | WordPress Membership For WooCommerce <= 2.8.1 - Broken Access Control Vulnerability |
| CVE-2025-5117 | Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role... |
| CVE-2025-5121 | Missing Authorization in GitLab |
| CVE-2025-5132 | Tmall Demo logout cross-site request forgery |
| CVE-2025-5185 | Summer Pearl Group Vacation Rental Management Platform cross-site request forgery |
| CVE-2025-52554 | n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows |
| CVE-2025-52721 | WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerabil... |
| CVE-2025-52738 | WordPress Wikipedia Preview Plugin <= 1.15.0 - Broken Access Control Vulnerability |
| CVE-2025-52757 | WordPress SUMO Memberships for WooCommerce plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-52775 | WordPress Project Cost Calculator Plugin <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-52785 | WordPress SMM API Plugin <= 6.0.30 - Broken Access Control Vulnerability |
| CVE-2025-52800 | WordPress The E-Commerce ERP <= 2.1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-52801 | WordPress TheBooking Plugin <= 1.4.4 - Broken Access Control Vulnerability |
| CVE-2025-52802 | WordPress Import YouTube videos as WP Posts plugin <= 2.1 - Broken Access Control Vulnerability |
| CVE-2025-52803 | WordPress Sala theme <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-52804 | WordPress Nuss theme <= 1.3.3 - Broken Access Control Vulnerability |
| CVE-2025-52813 | WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability |
| CVE-2025-52817 | WordPress Abandoned Contact Form 7 plugin <= 2.0 - Broken Access Control Vulnerability |
| CVE-2025-52818 | WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-5282 | WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-52824 | WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability |
| CVE-2025-5288 | REST API \| Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthent... |
| CVE-2025-52950 | Juniper Security Director: Insufficient authorization for multiple endpoints in web interface |
| CVE-2025-52954 | Junos OS Evolved: A low-privileged user can execute arbitrary Junos commands and modify the configuration, thereby compromisi... |
| CVE-2025-5304 | PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add... |
| CVE-2025-53108 | HomeBox Missing User Authorization |
| CVE-2025-45854 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-4597 | Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbi... |
| CVE-2025-53111 | GLPI exposes data to non-allowed users |
| CVE-2025-53112 | GLPI's incomprehensive permission checks can lead to data removal from allowed users |
| CVE-2025-53113 | GLPI technicians can access unauthorized information through external links |
| CVE-2025-5315 | Missing Authorization in GitLab |
| CVE-2025-5317 | Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac |
| CVE-2025-53200 | WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability |
| CVE-2025-53214 | WordPress Sertifier Certificate & Badge Maker plugin <= 1.21 - Broken Access Control Vulnerability |
| CVE-2025-53221 | WordPress CodeablePress Plugin <= 1.0.0 - Broken Access Control Vulnerability |
| CVE-2025-53230 | WordPress Page Manager for Elementor Plugin <= 2.0.5 - Broken Access Control Vulnerability |
| CVE-2025-53236 | WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability |
| CVE-2025-53246 | WordPress Backup and Move Plugin <= 0.1 - Broken Access Control Vulnerability |
| CVE-2025-53255 | WordPress HurryTimer plugin <= 2.13.1 - Broken Access Control Vulnerability |
| CVE-2025-53266 | WordPress Cron Logger plugin <= 1.3.0 - Broken Access Control Vulnerability |
| CVE-2025-53284 | WordPress CMS Blocks plugin <= 1.1 - Broken Access Control Vulnerability |
| CVE-2025-46232 | WordPress Download Alt Text AI <= 1.9.93 - Broken Access Control Vulnerability |
| CVE-2025-46244 | WordPress Advanced Linked Variations for Woocommerce <= 1.0.3 - Broken Access Control Vulnerability |
| CVE-2025-53288 | WordPress PlatiOnline Payments plugin <= 6.3.2 - Broken Access Control Vulnerability |
| CVE-2025-53291 | WordPress Spreadconnect plugin <= 2.1.5 - Broken Access Control Vulnerability |
| CVE-2025-53293 | WordPress Dashboard Widget Sidebar plugin <= 1.2.3 - Broken Access Control Vulnerability |
| CVE-2025-53295 | WordPress iCount Payment Gateway plugin <= 2.0.6 - Broken Access Control Vulnerability |
| CVE-2025-53304 | WordPress Contact Form – 7 : Hide Success Message plugin <= 1.1.4 - Broken Access Control Vulnerability |
| CVE-2025-53318 | WordPress WP DB Booster plugin <= 1.0.1 - Broken Access Control Vulnerability |
| CVE-2025-53323 | WordPress Pre-Publish Post Checklist plugin <= 3.1 - Broken Access Control Vulnerability |
| CVE-2025-53337 | WordPress LifePress Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-53340 | WordPress Awesome Support Plugin <= 6.3.4 - Sensitive Data Exposure Vulnerability |
| CVE-2025-53341 | WordPress Stratus Theme <= 4.2.5 - Broken Access Control Vulnerability |
| CVE-2025-53343 | WordPress Modernize Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-53348 | WordPress Kalium Theme <= 3.18.3 - Broken Access Control Vulnerability |
| CVE-2025-53374 | Dokploy Improperly Discloses User Information via user.one Endpoint |
| CVE-2025-46247 | WordPress Appointment Booking Calendar <= 1.3.92 - Broken Access Control Vulnerability |
| CVE-2025-46258 | WordPress Element Pack Pro Plugin < 8.0.0 - Broken Access Control vulnerability |
| CVE-2025-46259 | WordPress The Plus Addons for Elementor - Pro Plugin < 6.3.7 - Broken Access Control vulnerability |
| CVE-2025-53825 | Dokploy's Preview Deployments are vulnerable to Remote Code Execution |
| CVE-2025-53857 | Lack of Authorization on Get Channel Subscriptions for Autocomplete in Mattermost Confluence Plugin |
| CVE-2025-53910 | Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin |
| CVE-2025-5410 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-54159 | Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers t... |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks |
| CVE-2025-54458 | Unauthorized Subscription Creation to Confluence Space in Mattermost Confluence Plugin |
| CVE-2025-53421 | WordPress Accordion plugin <= 2.3.14 - Broken Access Control vulnerability |
| CVE-2025-53424 | WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerability |
| CVE-2025-53452 | WordPress Event Rocket Plugin <= 3.3 - Broken Access Control Vulnerability |
| CVE-2025-53485 | SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes |
| CVE-2025-53495 | Unauthorized Disclosure of IP Reputation in AbuseFilter |
| CVE-2025-53499 | Unauthorized Inspection of Protected Variables in AbuseFilter |
| CVE-2025-53571 | WordPress HAPPY Plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-53640 | Indico vulnerable to user enumeration via API endpoint |
| CVE-2025-5394 | Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Up... |
| CVE-2025-53986 | WordPress Hestia theme <= 3.2.10 - Broken Access Control Vulnerability |
| CVE-2025-53997 | WordPress Houzez theme <= 4.0.4 - Broken Access Control Vulnerability |
| CVE-2025-54004 | WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.21 - Broken Access Control vulnerability |
| CVE-2025-54005 | WordPress SKT Page Builder plugin <= 4.9 - Broken Access Control vulnerability |
| CVE-2025-54011 | WordPress SMTP2GO plugin <= 1.12.1 - Broken Access Control Vulnerability |
| CVE-2025-54018 | WordPress CM Pop-Up banners plugin <= 1.8.4 - Broken Access Control Vulnerability |
| CVE-2025-54943 | SUNNET Corporate Training Management System - Missing Authorization |
| CVE-2025-54025 | WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability |
| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability |
| CVE-2025-54040 | WordPress Webba Booking <= 5.1.20 - Broken Access Control Vulnerability |
| CVE-2025-54045 | WordPress CM On Demand Search And Replace plugin <= 1.5.4 - Broken Access Control vulnerability |
| CVE-2025-54047 | WordPress Cost Calculator plugin <= 7.4 - Broken Access Control Vulnerability |
| CVE-2025-54679 | WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-54692 | WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability |
| CVE-2025-54695 | WordPress HT Mega Plugin plugin <= 2.9.0 - Broken Access Control Vulnerability |
| CVE-2025-54705 | WordPress WpEvently Plugin plugin <= 4.4.6 - Broken Access Control Vulnerability |
| CVE-2025-54710 | WordPress Tiktok Feed Plugin <= 1.0.21 - Broken Access Control Vulnerability |
| CVE-2025-54711 | WordPress Info Cards Plugin <= 1.0.11 - Broken Access Control Vulnerability |
| CVE-2025-54712 | WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability |
| CVE-2025-54714 | WordPress Zephyr Project Manager Plugin <= 3.3.201 - Broken Access Control Vulnerability |
| CVE-2025-54717 | WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability |
| CVE-2025-54730 | WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability |
| CVE-2025-55038 | AutomationDirect CLICK PLUS Missing Authorization |
| CVE-2025-54733 | WordPress All Bootstrap Blocks Plugin <= 1.3.28 - Broken Access Control Vulnerability |
| CVE-2025-54734 | WordPress B Slider Plugin <= 1.1.30 - Broken Access Control Vulnerability |
| CVE-2025-54739 | WordPress Nexter Blocks Plugin <= 4.5.4 - Broken Access Control Vulnerability |
| CVE-2025-54741 | WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-54743 | WordPress Download After Email Plugin 2.1.5-2.1.6 - Other Vulnerability Type Vulnerability |
| CVE-2025-54744 | WordPress MasterStudy LMS Plugin <= 3.6.15 - Broken Access Control Vulnerability |
| CVE-2025-54745 | WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability |
| CVE-2025-54751 | WordPress PostX plugin <= 4.1.36 - Broken Access Control vulnerability |
| CVE-2025-5483 | LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation |
| CVE-2025-5486 | WP Email Debug 1.0 - 1.1.0 - Missing Authorization to Unauthenticated Privilege Escalation via Password Reset |
| CVE-2025-55141 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55142 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55144 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55145 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-55148 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-57958 | WordPress WowAddons Plugin <= 1.0.17 - Broken Access Control Vulnerability |
| CVE-2025-5521 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
| CVE-2025-55712 | WordPress The Plus Addons for Elementor Page Builder Lite Plugin <= 6.3.13 - Broken Access Control Vulnerability |
| CVE-2025-55716 | WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability |
| CVE-2025-55734 | flaskBlo Authorization Bypass |
| CVE-2025-55741 | unopim/unopim allows unauthorized product deletion via mass-delete endpoint |
| CVE-2025-5692 | Lead Form Data Collection to CRM <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-5701 | HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-5732 | code-projects Traffic Offense Reporting System cross-site request forgery |
| CVE-2025-5766 | code-projects Laundry System cross-site request forgery |
| CVE-2025-57817 | Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation |
| CVE-2025-57884 | WordPress Greenshift Plugin <= 12.1.1 - Broken Access Control Vulnerability |
| CVE-2025-57894 | WordPress WPPizza Plugin <= 3.19.8 - Broken Access Control Vulnerability |
| CVE-2025-57896 | WordPress Church Admin Plugin <= 5.0.26 - Broken Access Control Vulnerability |
| CVE-2025-57899 | WordPress WP Compress Plugin <= 6.50.54 - Broken Access Control Vulnerability |
| CVE-2025-57907 | WordPress Heureka Plugin <= 1.1.0 - Broken Access Control Vulnerability |
| CVE-2025-57909 | WordPress Editor Custom Color Palette Plugin <= 3.4.8 - Broken Access Control Vulnerability |
| CVE-2025-57917 | WordPress Printcart Web to Print Product Designer for WooCommerce Plugin <= 2.4.3 - Broken Access Control Vulnerability |
| CVE-2025-57921 | WordPress Frontend File Manager Plugin <= 23.2 - Broken Access Control Vulnerability |
| CVE-2025-57936 | WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability |
| CVE-2025-57939 | WordPress Image Hover Effects – Elementor Addon Plugin <= 1.4.4 - Broken Access Control Vulnerability |
| CVE-2025-57944 | WordPress Skimlinks Affiliate Marketing Tool Plugin <= 1.3 - Broken Access Control Vulnerability |
| CVE-2025-57949 | WordPress Ongkoskirim.id Plugin <= 1.0.6 - Broken Access Control Vulnerability |
| CVE-2025-57955 | WordPress Post Carousel Slider for Elementor Plugin <= 1.7.0 - Broken Access Control Vulnerability |
| CVE-2025-57957 | WordPress WooMS Plugin <= 9.12 - Broken Access Control Vulnerability |
| CVE-2025-5814 | Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via S... |
| CVE-2025-5815 | Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-5816 | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenti... |
| CVE-2025-57961 | WordPress CoDesigner Plugin <= 4.25.2 - Broken Access Control Vulnerability |
| CVE-2025-57969 | WordPress Hide WP Toolbar Plugin <= 2.7 - Broken Access Control Vulnerability |
| CVE-2025-57971 | WordPress SALESmanago Plugin <= 3.8.1 - Broken Access Control Vulnerability |
| CVE-2025-57972 | WordPress Helpdesk Support Ticket System for WooCommerce Plugin <= 2.0.2 - Broken Access Control Vulnerability |
| CVE-2025-58192 | WordPress WP Bulk Delete Plugin <= 1.3.6 - Broken Access Control Vulnerability |
| CVE-2025-58193 | WordPress Uncanny Automator Plugin <= 6.7.0.1 - Broken Access Control Vulnerability |
| CVE-2025-58198 | WordPress Xpro Theme Builder Plugin <= 1.2.9 - Broken Access Control Vulnerability |
| CVE-2025-58201 | WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability |
| CVE-2025-58207 | WordPress Ai Image Alt Text Generator for WP Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-58210 | WordPress Makeaholic Theme <= 1.8.5 - Broken Access Control Vulnerability |
| CVE-2025-58221 | WordPress PilotPress Plugin <= 2.0.35 - Broken Access Control Vulnerability |
| CVE-2025-58222 | WordPress Team Manager Plugin <= 2.3.14 - Broken Access Control Vulnerability |
| CVE-2025-58243 | WordPress imEvent Theme <= 3.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58247 | WordPress TI WooCommerce Wishlist Plugin <= 2.10.0 - Broken Access Control Vulnerability |
| CVE-2025-58251 | WordPress Sticky Header Effects for Elementor Plugin <= 2.1.2 - Broken Access Control Vulnerability |
| CVE-2025-58258 | WordPress Lazy Blocks Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-5835 | Droip <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Many Actions |
| CVE-2025-5846 | Missing Authorization in GitLab |
| CVE-2025-57975 | WordPress Team Plugin <= 5.0.6 - Broken Access Control Vulnerability |
| CVE-2025-57976 | WordPress CardCom Payment Gateway Plugin <= 3.5.0.4 - Broken Access Control Vulnerability |
| CVE-2025-57985 | WordPress Ultimate Watermark Plugin <= 1.1 - Broken Access Control Vulnerability |
| CVE-2025-58594 | WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability |
| CVE-2025-58599 | WordPress Order Delivery Date for WooCommerce Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58600 | WordPress Paid Member Subscriptions Plugin <= 2.15.9 - Broken Access Control Vulnerability |
| CVE-2025-58601 | WordPress Classified Listing Plugin <= 5.0.6 - Broken Access Control Vulnerability |
| CVE-2025-58603 | WordPress Surfer Plugin <= 1.6.4.574 - Broken Access Control Vulnerability |
| CVE-2025-58606 | WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability |
| CVE-2025-58613 | WordPress Posts Table with Search & Sort Plugin <= 1.4.10 - Broken Access Control Vulnerability |
| CVE-2025-58616 | WordPress Frisbii Pay Plugin <= 1.8.2.1 - Broken Access Control Vulnerability |
| CVE-2025-58617 | WordPress F4 Media Taxonomies Plugin <= 1.1.4 - Broken Access Control Vulnerability |
| CVE-2025-58622 | WordPress Mobile Contact Line Plugin <= 2.4.0 - Broken Access Control Vulnerability |
| CVE-2025-58629 | WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability |
| CVE-2025-58634 | WordPress PeachPay Payments Plugin <= 1.117.4 - Broken Access Control Vulnerability |
| CVE-2025-58635 | WordPress Support Genix Plugin <= 1.4.23 - Broken Access Control Vulnerability |
| CVE-2025-58639 | WordPress Contact Form By Mega Forms Plugin <= 1.6.1 - Broken Access Control Vulnerability |
| CVE-2025-58650 | WordPress All In One SEO Pack Plugin <= 4.8.7 - Broken Access Control Vulnerability |
| CVE-2025-58660 | WordPress Oshine Core Plugin <= 1.5.5 - Broken Access Control Vulnerability |
| CVE-2025-58663 | WordPress Qubely Plugin <= 1.8.14 - Broken Access Control Vulnerability |
| CVE-2025-58664 | WordPress Text To Speech TTS Accessibility Plugin <= 1.9.20 - Broken Access Control Vulnerability |
| CVE-2025-58666 | WordPress Website Chat Button: Kommo integration Plugin <= 1.3.1 - Broken Access Control Vulnerability |
| CVE-2025-58667 | WordPress ListingPro Reviews Plugin <= 1.6 - Broken Access Control Vulnerability |
| CVE-2025-58668 | WordPress WPLMS Theme <= 4.970 - Broken Access Control Vulnerability |
| CVE-2025-58672 | WordPress WP User Frontend Plugin <= 4.1.11 - Broken Access Control Vulnerability |
| CVE-2025-58678 | WordPress Accordion Plugin <= 2.3.14 - Broken Access Control Vulnerability |
| CVE-2025-58679 | WordPress AppMySite Plugin <= 3.14.0 - Broken Access Control Vulnerability |
| CVE-2025-58680 | WordPress Gutentor Plugin <= 3.5.2 - Broken Access Control Vulnerability |
| CVE-2025-58681 | WordPress Easy Quotes Plugin <= 1.2.4 - Broken Access Control Vulnerability |
| CVE-2025-58685 | WordPress Cecabank WooCommerce Plugin Plugin <= 0.3.4 - Broken Access Control Vulnerability |
| CVE-2025-58711 | WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability |
| CVE-2025-57987 | WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability |
| CVE-2025-57990 | WordPress Blog Designer Plugin <= 3.1.8 - Broken Access Control Vulnerability |
| CVE-2025-57991 | WordPress Clariti Plugin <= 1.2.1 - Broken Access Control Vulnerability |
| CVE-2025-57995 | WordPress DethemeKit For Elementor Plugin <= 2.1.10 - Broken Access Control Vulnerability |
| CVE-2025-57997 | WordPress Trustpilot Reviews Plugin <= 2.5.925 - Broken Access Control Vulnerability |
| CVE-2025-58000 | WordPress Memberful Plugin <= 1.75.0 - Broken Access Control Vulnerability |
| CVE-2025-58003 | WordPress Javo Core Plugin <= 3.0.0.266 - Broken Access Control Vulnerability |
| CVE-2025-58004 | WordPress DriCub Theme <= 2.9 - Broken Access Control Vulnerability |
| CVE-2025-58753 | copyparty: Sharing a single file does not fully restrict access to other files in source folder |
| CVE-2025-58783 | WordPress Gutentor Plugin <= 3.5.1 - Broken Access Control Vulnerability |
| CVE-2025-58785 | WordPress Ray Enterprise Translation Plugin <= 1.7.1 - Broken Access Control Vulnerability |
| CVE-2025-58795 | WordPress Payoneer Checkout Plugin <= 3.4.0 - Content Spoofing Vulnerability |
| CVE-2025-58813 | WordPress Consultstreet Theme <= 3.0.0 - Broken Access Control Vulnerability |
| CVE-2025-58816 | WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-58817 | WordPress SoftMe Theme <= 1.1.24 - Broken Access Control Vulnerability |
| CVE-2025-58824 | WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability |
| CVE-2025-5885 | Konica Minolta bizhub cross-site request forgery |
| CVE-2025-58877 | WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Content Deletion vulnerability |
| CVE-2025-5888 | jsnjfz WebStack-Guns cross-site request forgery |
| CVE-2025-58919 | WordPress Wide Banner plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-58938 | WordPress IDonatePro plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2025-5894 | Honding Technology Smart Parking Management System - Missing Authorization |
| CVE-2025-58009 | WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability |
| CVE-2025-58016 | WordPress CF7 Submissions Plugin <= 0.26 - Broken Access Control Vulnerability |
| CVE-2025-58029 | WordPress Classic Widgets with Block-based Widgets Plugin <= 1.0.1 - Broken Access Control Vulnerability |
| CVE-2025-58957 | WordPress VPSUForm Plugin <= 3.2.20 - Broken Access Control Vulnerability |
| CVE-2025-58968 | WordPress MaxiBlocks Plugin <= 2.1.3 - Broken Access Control Vulnerability |
| CVE-2025-58969 | WordPress Custom Login URL Plugin <= 1.0.2 - Broken Access Control Vulnerability |
| CVE-2025-58976 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58978 | WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability |
| CVE-2025-58979 | WordPress BerqWP Plugin <= 2.2.53 - Broken Access Control Vulnerability |
| CVE-2025-58980 | WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability |
| CVE-2025-58981 | WordPress Accessibility Checker by Equalize Digital Plugin <= 1.31.0 - Broken Access Control Vulnerability |
| CVE-2025-58986 | WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability |
| CVE-2025-5900 | Tenda AC9 cross-site request forgery |
| CVE-2025-59001 | WordPress Salient Core plugin <= 3.0.8 - Broken Access Control vulnerability |
| CVE-2025-59005 | WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability |
| CVE-2025-59011 | WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-59017 | Broken Access Control in Backend AJAX Routes |
| CVE-2025-5803 | WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.2 - Broken Access Control vulnerability |
| CVE-2025-58073 | Arbitrary Mattermost Team can be joined by manipulating the OAuth state |
| CVE-2025-58075 | Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState |
| CVE-2025-5811 | Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion |
| CVE-2025-5812 | VG WORT METIS <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update |
| CVE-2025-5813 | Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation |
| CVE-2025-59576 | WordPress MasterStudy LMS Plugin <= 3.6.20 - Broken Access Control Vulnerability |
| CVE-2025-59021 | TYPO3 CMS Allows Broken Access Control in Redirects Module |
| CVE-2025-59022 | TYPO3 CMS Allows Broken Access Control in Recycler Module |
| CVE-2025-5919 | Appointment Booking and Scheduling Calendar Plugin – WP Timetics <= 1.0.36 - Missing Authorization to Unauthenticated Booking... |
| CVE-2025-59353 | Manager generates mTLS certificates for arbitrary IP addresses |
| CVE-2025-59413 | CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter |
| CVE-2025-59416 | The Scratch Channel forks can publish articles |
| CVE-2025-59461 | API does not require authentication |
| CVE-2025-5953 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Privilege Escalation via wp_... |
| CVE-2025-59551 | WordPress Revive.so Plugin <= 2.0.6 - Broken Access Control Vulnerability |
| CVE-2025-59559 | WordPress Payrexx Payment Gateway for WooCommerce Plugin <= 3.1.5 - Broken Access Control Vulnerability |
| CVE-2025-5956 | WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via... |
| CVE-2025-59561 | WordPress Smart Blocks Plugin <= 2.4 - Broken Access Control Vulnerability |
| CVE-2025-59567 | WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability |
| CVE-2025-5957 | Guest Support – Complete customer support ticket system for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Tic... |
| CVE-2025-59826 | FlagForgeCTF Vulnerable to Unauthorized Problem Creation |
| CVE-2025-59827 | FlagForgeCTF is Missing Authorization in main-v2 |
| CVE-2025-59828 | Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions |
| CVE-2025-60045 | WordPress IDonatePro plugin <= 2.1.11 - Broken Access Control vulnerability |
| CVE-2025-60077 | WordPress YayPricing plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-60079 | WordPress Parallax Section block plugin <= 1.0.9 - Broken Authentication vulnerability |
| CVE-2025-60086 | WordPress WP Voting Contest plugin <= 5.8 - Broken Access Control vulnerability |
| CVE-2025-60088 | WordPress WebinarIgnition plugin <= 4.06.04 - Broken Access Control vulnerability |
| CVE-2025-60094 | WordPress Stackable Plugin <= 3.18.1 - Broken Access Control Vulnerability |
| CVE-2025-60096 | WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability |
| CVE-2025-60097 | WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability |
| CVE-2025-60098 | WordPress Theme My Login Plugin <= 7.1.12 - Broken Access Control Vulnerability |
| CVE-2025-60103 | WordPress ListingPro Plugin <= 2.9.8 - Broken Access Control Vulnerability |
| CVE-2025-60106 | WordPress EmailKit Plugin <= 1.6.0 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-59581 | WordPress Ibtana Plugin <= 1.2.5.3 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-59591 | WordPress wpDiscuz Plugin <= 7.6.33 - Broken Access Control Vulnerability |
| CVE-2025-60247 | WordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2025-60116 | WordPress Grand Conference Theme Custom Post Type Plugin <= 2.6.3 - Broken Access Control Vulnerability |
| CVE-2025-60120 | WordPress WP Directory Kit Plugin <= 1.3.8 - Broken Access Control Vulnerability |
| CVE-2025-60121 | WordPress WooEvents Plugin <= 4.1.7 - Broken Access Control Vulnerability |
| CVE-2025-60122 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60123 | WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60127 | WordPress CopySafe Web Protection Plugin <= 4.3 - Broken Access Control Vulnerability |
| CVE-2025-60128 | WordPress Delisho Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60129 | WordPress Yext Plugin <= 1.1.3 - Broken Access Control Vulnerability |
| CVE-2025-60130 | WordPress WEDOS Global Plugin <= 1.2.2 - Broken Access Control Vulnerability |
| CVE-2025-60143 | WordPress Netgsm Plugin <= 2.9.58 - Broken Access Control Vulnerability |
| CVE-2025-60148 | WordPress Subscribe to Download Plugin <= 2.0.9 - Broken Access Control Vulnerability |
| CVE-2025-60152 | WordPress Subscribe To Unlock Plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-60155 | WordPress WP Virtual Assistant Plugin <= 3.0 - Broken Access Control Vulnerability |
| CVE-2025-6043 | Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Delet... |
| CVE-2025-6105 | jflyfox jfinal_cms HOME.java cross-site request forgery |
| CVE-2025-6106 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery |
| CVE-2025-62027 | WordPress Event Tickets plugin <= 5.26.3 - Broken Access Control vulnerability |
| CVE-2025-62028 | WordPress Salient theme < 17.4.0 - Broken Access Control vulnerability |
| CVE-2025-62033 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62037 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62046 | WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-62048 | WordPress SmartCrawl plugin <= 3.14.3 - Broken Access Control vulnerability |
| CVE-2025-62049 | WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability |
| CVE-2025-6205 | Missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-62052 | WordPress One Page Express Companion plugin <= 1.6.43 - Broken Access Control vulnerability |
| CVE-2025-62070 | WordPress WowRevenue plugin <= 1.2.13 - Broken Access Control vulnerability |
| CVE-2025-60159 | WordPress Nota Fiscal Eletrônica WooCommerce Plugin <= 3.4.0.6 - Broken Access Control Vulnerability |
| CVE-2025-60165 | WordPress Frames Theme <= 1.5.7 - Broken Access Control Vulnerability |
| CVE-2025-60166 | WordPress WP Subscription Forms PRO Plugin <= 2.0.5 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-6171 | Missing Authorization in GitLab |
| CVE-2025-6187 | bSecure 1.3.7 - 1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint |
| CVE-2025-6190 | Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profil... |
| CVE-2025-62006 | WordPress WP SMS plugin <= 7.0.1 - Broken Access Control vulnerability |
| CVE-2025-62013 | WordPress UiChemy plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-62017 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62018 | WordPress Kallyas theme <= 4.22.0 - Broken Access Control vulnerability |
| CVE-2025-62019 | WordPress Recipe Card Blocks for Gutenberg & Elementor plugin <= 3.4.8 - Broken Access Control vulnerability |
| CVE-2025-62021 | WordPress Acknowledgify plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-62022 | WordPress BuddyPress plugin <= 14.3.4 - Broken Access Control vulnerability |
| CVE-2025-62247 | Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2... |
| CVE-2025-62256 | Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA thro... |
| CVE-2025-62071 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability |
| CVE-2025-62072 | WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability |
| CVE-2025-62073 | WordPress MeetingHub plugin <= 1.23.9 - Broken Access Control vulnerability |
| CVE-2025-62078 | WordPress Easy Upload Files During Checkout plugin <= 3.0.0 - Broken Access Control vulnerability |
| CVE-2025-62079 | WordPress WP Export Categories & Taxonomies plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-62081 | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-62085 | WordPress BERTHA AI plugin <= 1.13 - Broken Access Control vulnerability |
| CVE-2025-62086 | WordPress Яндекс Доставка (Boxberry) plugin <= 2.32 - Broken Access Control vulnerability |
| CVE-2025-62087 | WordPress Sticky Notes for WP Dashboard plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-62090 | WordPress Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons plugin <= 3.0.2 - Broken Access Control vulne... |
| CVE-2025-62091 | WordPress Serial Codes Generator and Validator with WooCommerce Support plugin <= 2.8.2 - Broken Access Control vulnerability |
| CVE-2025-62092 | WordPress Wiremo plugin <= 1.4.99 - Broken Access Control vulnerability |
| CVE-2025-62098 | WordPress Portfolio Gallery plugin <= 1.4.8 - Broken Access Control vulnerability |
| CVE-2025-62293 | Broken Access Control in SOPlanning |
| CVE-2025-6253 | UiCore Elements <= 1.3.0 - Missing Authorization to Unauthenticated Arbitrary File Read |
| CVE-2025-62614 | BookLore Media API Authentication Bypass |
| CVE-2025-62642 | The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup AP... |
| CVE-2025-62712 | JumpServer Connection Token Leak Vulnerability |
| CVE-2025-62714 | Karmada Dashboard API Unauthorized Access Vulnerability |
| CVE-2025-62736 | WordPress Image Cleanup plugin <= 1.9.2 - Broken Access Control vulnerability |
| CVE-2025-62738 | WordPress Formstack Online Forms plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-62740 | WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-62747 | WordPress Featured Image Generator plugin <= 1.3.3 - Broken Access Control vulnerability |
| CVE-2025-62751 | WordPress Vireo theme <= 1.0.24 - Broken Access Control vulnerability |
| CVE-2025-62755 | WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability |
| CVE-2025-6284 | PHPGurukul Car Rental Portal cross-site request forgery |
| CVE-2025-62865 | WordPress Post Cloner plugin <= 1.0.0 - Broken Access Control vulnerability |
| CVE-2025-62099 | WordPress Signature Add-On for Gravity Forms plugin <= 1.8.6 - Broken Access Control vulnerability |
| CVE-2025-62100 | WordPress ThemeRain Core plugin <= 1.1.9 - Broken Access Control vulnerability |
| CVE-2025-62108 | WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability |
| CVE-2025-62115 | WordPress Hide Plugins plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62116 | WordPress AI Copilot plugin <= 1.4.7 - Broken Access Control vulnerability |
| CVE-2025-62122 | WordPress Trash Duplicate and 301 Redirect plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-62128 | WordPress SiteLock Security plugin <= 5.0.1 - Broken Access Control vulnerability |
| CVE-2025-62867 | WordPress Ergonet Cache plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-62869 | WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability |
| CVE-2025-62870 | WordPress Eupago Gateway For Woocommerce plugin <= 4.6.3 - Broken Access Control vulnerability |
| CVE-2025-62874 | WordPress AnyComment plugin <= 0.3.6 - Broken Access Control vulnerability |
| CVE-2025-62881 | WordPress WP-Lister Lite for eBay plugin <= 3.8.3 - Broken Access Control vulnerability |
| CVE-2025-62882 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability |
| CVE-2025-62883 | WordPress Premmerce User Roles plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-62884 | WordPress Coupon Affiliates plugin <= 7.0.3 - Broken Access Control vulnerability |
| CVE-2025-62888 | WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability |
| CVE-2025-62889 | WordPress King Addons for Elementor plugin <= 51.1.37 - Broken Access Control vulnerability |
| CVE-2025-62892 | WordPress Sunshine Photo Cart plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-62906 | WordPress Referral Link Tracker plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-62908 | No description... |
| CVE-2025-62909 | WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability |
| CVE-2025-62914 | WordPress Effect Maker plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-62915 | WordPress SMS Contact Form 7 Notifications by ClickSend plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-62129 | WordPress RestroPress plugin <= 3.2.4.2 - Broken Access Control vulnerability |
| CVE-2025-62130 | WordPress Accordion Slider Gallery plugin <= 2.7 - Broken Access Control vulnerability |
| CVE-2025-62131 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-62132 | WordPress Tasty Recipes Lite plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-62138 | WordPress WP Advanced PDF plugin <= 1.1.7 - Other vulnerability Type vulnerability |
| CVE-2025-62141 | WordPress Wawp plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2025-62144 | WordPress Core Web Vitals & PageSpeed Booster plugin <= 1.0.27 - Broken Access Control vulnerability |
| CVE-2025-62916 | WordPress Flights & Hotels Booking WP Plugin plugin <= 3.1 - Broken Access Control vulnerability |
| CVE-2025-62918 | WordPress IgnitionDeck plugin <= 2.0.10 - Broken Access Control vulnerability |
| CVE-2025-62919 | WordPress TS Demo Importer plugin <= 0.1.2 - Broken Access Control vulnerability |
| CVE-2025-62922 | WordPress Export Categories plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2025-62924 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-62925 | WordPress Conversios.io plugin <= 7.2.10 - Broken Access Control vulnerability |
| CVE-2025-62927 | WordPress Nelio Content plugin <= 4.0.5 - Broken Access Control vulnerability |
| CVE-2025-62928 | WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability |
| CVE-2025-62929 | WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability |
| CVE-2025-62931 | WordPress MSN Partner Hub plugin <= 2.8.7 - Broken Access Control vulnerability |
| CVE-2025-62932 | WordPress Table Block by RioVizual plugin <= 2.3.2 - Broken Access Control vulnerability |
| CVE-2025-62935 | WordPress Open Close WooCommerce Store plugin <= 4.9.8 - Broken Access Control vulnerability |
| CVE-2025-62938 | WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-62944 | WordPress MSTW CSV EXPORTER plugin <= 1.4 - Broken Access Control vulnerability |
| CVE-2025-62946 | WordPress Everest Backup plugin <= 2.3.8 - Broken Access Control vulnerability |
| CVE-2025-62952 | WordPress ChatBot plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2025-62953 | WordPress Welcart e-Commerce plugin <= 2.11.24 - Broken Access Control vulnerability |
| CVE-2025-62954 | WordPress Revive Old Posts plugin <= 9.3.3 - Broken Access Control vulnerability |
| CVE-2025-62960 | WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2025-62961 | WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-62964 | WordPress MDTF plugin <= 1.3.4 - Broken Access Control vulnerability |
| CVE-2025-62965 | WordPress Admin Management Xtended plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2025-62966 | WordPress GoCache plugin <= 1.3.6 - Broken Access Control vulnerability |
| CVE-2025-62970 | WordPress Link Whisper Free plugin <= 0.8.8 - Broken Access Control vulnerability |
| CVE-2025-62972 | WordPress WebinarPress plugin <= 1.33.28 - Broken Access Control vulnerability |
| CVE-2025-62973 | WordPress BuddyForms plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2025-62976 | WordPress Sendle Shipping plugin <= 6.02 - Broken Access Control vulnerability |
| CVE-2025-62977 | WordPress 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-62978 | WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability |
| CVE-2025-62980 | WordPress Persian Admnin Fonts plugin <= 4.1.03 - Broken Access Control vulnerability |
| CVE-2025-62993 | WordPress Notification for Telegram plugin <= 3.4.7 - Broken Access Control vulnerability |
| CVE-2025-62995 | WordPress MultiParcels Shipping For WooCommerce plugin <= 1.30.12 - Broken Access Control vulnerability |
| CVE-2025-62996 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability |
| CVE-2025-62999 | WordPress Litho Addons plugin <= 3.4 - Broken Access Control vulnerability |
| CVE-2025-63001 | WordPress Hotel Booking plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-63002 | WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability |
| CVE-2025-63004 | WordPress All in One Accessibility plugin <= 1.14 - Broken Access Control vulnerability |
| CVE-2025-63006 | WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability |
| CVE-2025-63008 | WordPress WP ERP plugin <= 1.16.7 - Broken Access Control vulnerability |
| CVE-2025-63015 | WordPress WooCommerce Payment Gateway – Paysera plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2025-63016 | WordPress QuadLayers TikTok Feed plugin <= 4.6.4 - Broken Access Control vulnerability |
| CVE-2025-63022 | WordPress Simple Like Page plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2025-63023 | WordPress Payment Gateway for PayPal on WooCommerce plugin <= 9.0.52 - Broken Access Control vulnerability |
| CVE-2025-63024 | WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2025-63025 | WordPress Xagio SEO plugin <= 7.1.0.29 - Broken Access Control vulnerability |
| CVE-2025-63028 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-63031 | WordPress EasyTest plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-62145 | WordPress DMCA Protection Badge plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-62147 | WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability |
| CVE-2025-6215 | Omnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint |
| CVE-2025-62150 | WordPress History Timeline plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-62151 | WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability |
| CVE-2025-62152 | WordPress ConveyThis plugin <= 268.10 - Broken Access Control vulnerability |
| CVE-2025-62153 | WordPress Quick Interest Slider plugin <= 3.1.5 - Broken Access Control vulnerability |
| CVE-2025-62154 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One plugin <= 1.1.7 - Broken Access... |
| CVE-2025-6380 | ONLYOFFICE Docs 1.1.0 - 2.2.0 - Missing Authorization to Unauthenticated Privilege Escalation via callback Function |
| CVE-2025-64323 | kgateway is missing xDS authorization |
| CVE-2025-64348 | ELOG configuration file authorization bypass |
| CVE-2025-63034 | WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability |
| CVE-2025-63038 | WordPress WP Custom Admin Interface plugin <= 7.40 - Broken Access Control vulnerability |
| CVE-2025-63039 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-63047 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-63049 | WordPress ListingPro Lead Form plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-63054 | WordPress Quiz And Survey Master plugin <= 10.3.1 - Broken Access Control vulnerability |
| CVE-2025-63056 | WordPress Contact Form by BestWebSoft plugin <= 4.3.5 - Broken Access Control vulnerability |
| CVE-2025-63063 | WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-63067 | WordPress Porto Theme - Functionality plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-63069 | WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability |
| CVE-2025-63077 | WordPress Happy Addons for Elementor plugin <= 3.20.2 - Broken Access Control vulnerability |
| CVE-2025-6341 | code-projects School Fees Payment System cross-site request forgery |
| CVE-2025-64171 | MARIN3R: Cross-Namespace Vulnerability in the Operator |
| CVE-2025-64179 | lakeFS: Unauthenticated access to API usage metrics |
| CVE-2025-64192 | WordPress XStore theme < 9.6 - Broken Access Control vulnerability |
| CVE-2025-64199 | WordPress wpresidence theme <= 5.3.2 - Broken Access Control vulnerability |
| CVE-2025-64209 | WordPress Masterstudy theme < 4.8.122 - Broken Access Control vulnerability |
| CVE-2025-64210 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-64211 | WordPress Masterstudy Elementor Widgets plugin <= 1.2.4 - Broken Access Control vulnerability |
| CVE-2025-64212 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability |
| CVE-2025-64214 | WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64219 | WordPress Business Directory plugin <= 6.4.18 - Broken Access Control vulnerability |
| CVE-2025-64222 | WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64229 | WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - Broken Access Control vulnerability |
| CVE-2025-64234 | WordPress Evergreen Content Poster plugin <= 1.4.5 - Broken Access Control vulnerability |
| CVE-2025-64238 | WordPress WPS Bidouille plugin <= 1.33.1 - Broken Access Control vulnerability |
| CVE-2025-64241 | WordPress WP Coupons and Deals plugin <= 3.2.4 - Broken Access Control vulnerability |
| CVE-2025-64242 | WordPress Easy Property Listings plugin <= 3.5.15 - Broken Access Control vulnerability |
| CVE-2025-64243 | WordPress Directory Pro plugin <= 2.5.6 - Broken Access Control vulnerability |
| CVE-2025-64244 | WordPress Restrict Elementor Widgets, Columns and Sections plugin <= 1.12 - Broken Access Control vulnerability |
| CVE-2025-64245 | WordPress Import external attachments plugin <= 1.5.12 - Broken Access Control vulnerability |
| CVE-2025-64246 | WordPress Accessibility by AudioEye plugin <= 1.0.49 - Broken Access Control vulnerability |
| CVE-2025-64349 | ELOG user profile missing authorization |
| CVE-2025-64350 | WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability |
| CVE-2025-64352 | WordPress Essential Addons for Elementor plugin <= 6.2.4 - Broken Access Control vulnerability |
| CVE-2025-64356 | WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2025-64358 | WordPress Smart Coupons for WooCommerce plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2025-64369 | WordPress Contact Form Email plugin <= 1.3.58 - Broken Access Control vulnerability |
| CVE-2025-64370 | WordPress YOP Poll plugin <= 6.5.38 - Broken Access Control vulnerability |
| CVE-2025-64247 | WordPress Read More & Accordion plugin <= 3.5.4.1 - Broken Access Control vulnerability |
| CVE-2025-64248 | WordPress Request a Quote plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-64249 | WordPress Protect WP Admin plugin <= 4.1 - Broken Access Control vulnerability |
| CVE-2025-64251 | WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability |
| CVE-2025-64254 | WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-64255 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability |
| CVE-2025-64257 | WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-64259 | WordPress Theater for WordPress plugin <= 0.18.8 - Broken Access Control vulnerability |
| CVE-2025-64261 | WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability |
| CVE-2025-64263 | WordPress WP Content Pilot plugin <= 2.1.7 - Broken Access Control vulnerability |
| CVE-2025-64265 | WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability |
| CVE-2025-64268 | WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability |
| CVE-2025-64269 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.150 - Broken Access Control vulnerability |
| CVE-2025-64273 | WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability |
| CVE-2025-64274 | WordPress WPKoi Templates for Elementor plugin <= 3.4.4 - Broken Access Control vulnerability |
| CVE-2025-64276 | WordPress Survey Maker plugin <= 5.1.9.4 - Broken Access Control vulnerability |
| CVE-2025-64375 | WordPress WP Social Ninja plugin <= 3.20.1 - Broken Access Control vulnerability |
| CVE-2025-64378 | WordPress ListingPro theme < 2.9.10 - Broken Access Control vulnerability |
| CVE-2025-64379 | WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability |
| CVE-2025-64382 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2025-64384 | WordPress JetFormBuilder plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-48079 | WordPress ProfileGrid <= 5.9.5.1 - Broken Access Control Vulnerability |
| CVE-2025-48096 | WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability |
| CVE-2025-48108 | WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability |
| CVE-2025-48116 | WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability |
| CVE-2025-48117 | WordPress WooCommerce POS <= 1.7.8 - Broken Access Control Vulnerability |
| CVE-2025-48127 | WordPress Push notification for Mobile and Web app <= 2.0.3 - Broken Access Control Vulnerability |
| CVE-2025-48128 | WordPress Sharespine Woocommerce Connector <= 4.7.55 - Broken Access Control Vulnerability |
| CVE-2025-48133 | WordPress Uncanny Automator <= 6.4.0.2 - Broken Access Control Vulnerability |
| CVE-2025-48138 | WordPress BERTHA AI <= 1.12.11 - Broken Access Control Vulnerability |
| CVE-2025-48139 | WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability |
| CVE-2025-48147 | WordPress CryptoCloud - Crypto Payment Gateway <= 2.1.2 - Broken Access Control Vulnerability |
| CVE-2025-48150 | WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vu... |
| CVE-2025-64520 | GLPI vulnerable to unauthorized access to restricted Knowledge Base items through the API |
| CVE-2025-6476 | SourceCodester Gym Management System cross-site request forgery |
| CVE-2025-64401 | Apache OpenOffice: Remote documents loaded without prompt via IFrame |
| CVE-2025-64402 | Apache OpenOffice: Remote documents loaded without prompt via OLE objects |
| CVE-2025-64277 | WordPress ChatBot plugin <= 7.3.9 - Broken Access Control vulnerability |
| CVE-2025-64285 | WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Broken Access Control vulnerability |
| CVE-2025-64294 | WordPress WP Snow Effect plugin <= 1.1.15 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-64296 | WordPress Facebook for WooCommerce plugin <= 3.5.7 - Broken Access Control to Notice Dismissal vulnerability |
| CVE-2025-64630 | WordPress Business Directory plugin <= 6.4.19 - Broken Access Control vulnerability |
| CVE-2025-64631 | WordPress WCFM Marketplace plugin <= 3.6.15 - Broken Access Control vulnerability |
| CVE-2025-64632 | WordPress Google XML Sitemaps plugin <= 4.1.21 - Broken Access Control vulnerability |
| CVE-2025-64634 | WordPress Avada theme <= 7.13.1 - Broken Access Control vulnerability |
| CVE-2025-64635 | WordPress Feeds for YouTube plugin <= 2.4.0 - Broken Access Control vulnerability |
| CVE-2025-64638 | WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability |
| CVE-2025-64639 | WordPress WP Compress for MainWP plugin <= 6.50.07 - Broken Access Control vulnerability |
| CVE-2025-64729 | AVEVA Process Optimization Missing Authorization |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability |
| CVE-2025-66058 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-66060 | WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability |
| CVE-2025-64403 | Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc |
| CVE-2025-64404 | Apache OpenOffice: Remote documents loaded without prompt via background and bullet images |
| CVE-2025-64405 | Apache OpenOffice: Remote documents loaded without prompt via DDE function |
| CVE-2025-66063 | WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability |
| CVE-2025-66065 | WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-66068 | WordPress InstaWP Connect plugin <= 0.1.1.9 - Broken Access Control vulnerability |
| CVE-2025-66069 | WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability |
| CVE-2025-66070 | WordPress wpForo Forum plugin <= 2.4.10 - Broken Access Control vulnerability |
| CVE-2025-66071 | WordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerability |
| CVE-2025-66072 | WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerability |
| CVE-2025-66075 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability |
| CVE-2025-66077 | WordPress Legal Pages plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-66079 | WordPress Gutenverse Form plugin <= 2.2.0 - Broken Access Control vulnerability |
| CVE-2025-66080 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.3 - Broken Access Control vulnerability |
| CVE-2025-66082 | WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2025-66083 | WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability |
| CVE-2025-66084 | WordPress FluentCommunity plugin <= 2.0.0 - Broken Access Control vulnerability |
| CVE-2025-66085 | WordPress Arconix Shortcodes plugin <= 2.1.18 - Broken Access Control vulnerability |
| CVE-2025-66086 | WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability |
| CVE-2025-6478 | CodeAstro Expense Management System cross-site request forgery |
| CVE-2025-65020 | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) |
| CVE-2025-65021 | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) |
| CVE-2025-65028 | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes |
| CVE-2025-65029 | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants |
| CVE-2025-65036 | XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment |
| CVE-2025-65112 | PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing |
| CVE-2025-66402 | misskey.js's export data contains private post data |
| CVE-2025-66525 | WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability |
| CVE-2025-66526 | WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability |
| CVE-2025-66527 | WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2025-66528 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2025-66530 | WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability |
| CVE-2025-66087 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2025-66088 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2025-66089 | WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2025-66096 | WordPress Table Block by Tableberg plugin <= 0.6.9 - Broken Access Control vulnerability |
| CVE-2025-66099 | WordPress Chat Help plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-66100 | WordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerability |
| CVE-2025-66101 | WordPress CBX Bookmark & Favorite plugin <= 2.0.1 - Broken Access Control vulnerability |
| CVE-2025-66104 | WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2025-66106 | WordPress Featured Post Creative plugin <= 1.5.5 - Broken Access Control vulnerability |
| CVE-2025-66107 | WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66108 | WordPress TNC Toolbox: Web Performance plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66109 | WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability |
| CVE-2025-66110 | WordPress Tiktok Feed plugin <= 1.0.22 - Broken Access Control vulnerability |
| CVE-2025-66112 | WordPress Accessibility Toolkit by WebYes plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-66113 | WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability |
| CVE-2025-64407 | Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables |
| CVE-2025-6441 | Webinar Solution: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings \| WebinarIgnition <= 4.03.31 - Una... |
| CVE-2025-66114 | WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability |
| CVE-2025-66117 | WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2025-66120 | WordPress CatFolders plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-66121 | WordPress SiteGround Security plugin <= 1.5.8 - Broken Access Control vulnerability |
| CVE-2025-66122 | WordPress Stylish Price List plugin <= 7.2.2 - Broken Access Control vulnerability |
| CVE-2025-66124 | WordPress Leaky Paywall plugin <= 4.22.5 - Broken Access Control vulnerability |
| CVE-2025-66127 | WordPress Essential Real Estate plugin <= 5.2.2 - Broken Access Control vulnerability |
| CVE-2025-66128 | WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability |
| CVE-2025-66129 | WordPress Pochipp plugin <= 1.18.0 - Broken Access Control vulnerability |
| CVE-2025-66130 | WordPress WP Views Counter plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2025-66131 | WordPress Yaad Sarig Payment Gateway For WC plugin <= 2.2.10 - Broken Access Control vulnerability |
| CVE-2025-66133 | WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability |
| CVE-2025-66134 | WordPress FileBird Pro plugin <= 6.4.9 - Broken Access Control vulnerability |
| CVE-2025-66144 | WordPress Worker for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-66145 | WordPress Worker for WPBakery plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66146 | WordPress Logger for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-67559 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Broken Access Control vulnerability |
| CVE-2025-66532 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-66534 | WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability |
| CVE-2025-6664 | CodeAstro Patient Record Management System cross-site request forgery |
| CVE-2025-6685 | ATEN eco DC Missing Authorization Privilege Escalation Vulnerability |
| CVE-2025-6718 | B1.lt for WooCommerce <= 2.2.56 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection |
| CVE-2025-6720 | Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing |
| CVE-2025-6721 | Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation |
| CVE-2025-6726 | Block Editor Gallery Slider <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update |
| CVE-2025-6730 | Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success |
| CVE-2025-67466 | WordPress Trinity Audio plugin <= 5.23.3 - Broken Access Control vulnerability |
| CVE-2025-67468 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken... |
| CVE-2025-67474 | WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2025-6754 | SEO Metrics <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-67540 | WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-66147 | WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability |
| CVE-2025-66148 | WordPress Conformer for Elementor plugin <= 1.0.7 - Broken Access Control vulnerability |
| CVE-2025-66149 | WordPress UnGrabber plugin <= 3.1.3 - Broken Access Control vulnerability |
| CVE-2025-66150 | WordPress Appender plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66151 | WordPress Countdowner for Elementor plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-66152 | WordPress Criptopayer for Elementor plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-66153 | WordPress Headinger for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-66154 | WordPress Couponer for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66155 | WordPress Questionar for Elementor plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66156 | WordPress Watcher for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66157 | WordPress Slider for Elementor plugin <= 1.0.10 - Broken Access Control vulnerability |
| CVE-2025-66158 | WordPress Gmaper for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66159 | WordPress Walker for Elementor plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-67560 | WordPress Listdom plugin <= 5.0.1 - Broken Access Control vulnerability |
| CVE-2025-67561 | WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2025-67562 | WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability |
| CVE-2025-67563 | WordPress Post SMTP plugin <= 3.6.1 - Broken Access Control vulnerability |
| CVE-2025-67566 | WordPress Woffice Core plugin <= 5.4.30 - Broken Access Control vulnerability |
| CVE-2025-67568 | WordPress Basel theme <= 5.9.1 - Broken Access Control vulnerability |
| CVE-2025-67548 | WordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-67913 | WordPress Aruba HiSpeed Cache plugin < 3.0.3 - Broken Access Control vulnerability |
| CVE-2025-67917 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-67926 | WordPress Fluent Support plugin <= 1.10.4 - Broken Access Control vulnerability |
| CVE-2025-67929 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2025-67965 | WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability |
| CVE-2025-67976 | WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-68036 | WordPress CubeWP plugin <= 1.1.27 - Broken Access Control vulnerability |
| CVE-2025-68084 | WordPress Ultimate Auction plugin <= 4.3.2 - Broken Access Control vulnerability |
| CVE-2025-68085 | WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability |
| CVE-2025-68086 | WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-68087 | WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability |
| CVE-2025-68088 | WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability |
| CVE-2025-6813 | aapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Fun... |
| CVE-2025-6814 | Booking X 1.0 - 1.1.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via export_now() Function |
| CVE-2025-67569 | WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability |
| CVE-2025-67570 | WordPress WPForms Google Sheet Connector plugin <= 4.0.0 - Broken Access Control vulnerability |
| CVE-2025-67571 | WordPress WPFunnels plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-67572 | WordPress PenNews theme < 6.7.4 - Broken Access Control vulnerability |
| CVE-2025-67573 | WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability |
| CVE-2025-67574 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.30 - Broken Access Control vulnerability |
| CVE-2025-66160 | WordPress Select Graphist for Elementor Graphist for Elementor plugin <= 1.2.10 - Broken Access Control vulnerability |
| CVE-2025-66161 | WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2025-66162 | WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability |
| CVE-2025-66163 | WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability |
| CVE-2025-66164 | WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-66165 | WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability |
| CVE-2025-66166 | WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-66167 | WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2025-68270 | CourseLimitedStaff Role Allows Studio Access |
| CVE-2025-68498 | WordPress JetTabs plugin <= 2.2.12 - Broken Access Control vulnerability |
| CVE-2025-68503 | WordPress JetBlog plugin <= 2.4.7 - Broken Access Control vulnerability |
| CVE-2025-68505 | WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability |
| CVE-2025-68508 | WordPress Brave plugin <= 0.8.3 - Broken Access Control vulnerability |
| CVE-2025-68511 | WordPress Gutenverse Form plugin <= 2.3.1 - Broken Access Control vulnerability |
| CVE-2025-68517 | WordPress Tablesome plugin <= 1.1.35.1 - Broken Access Control vulnerability |
| CVE-2025-68521 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability |
| CVE-2025-67575 | WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67576 | WordPress Simple Link Directory plugin <= 8.8.3 - Broken Access Control vulnerability |
| CVE-2025-67577 | WordPress Easy Form Builder plugin <= 3.8.20 - Broken Access Control vulnerability |
| CVE-2025-67578 | WordPress WP Email Capture plugin <= 3.12.4 - Broken Access Control vulnerability |
| CVE-2025-67579 | WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability |
| CVE-2025-67580 | WordPress Constant Contact + WooCommerce plugin <= 2.4.1 - Broken Access Control vulnerability |
| CVE-2025-67581 | WordPress TrueBooker plugin <= 1.1.0 - Broken Access Control vulnerability |
| CVE-2025-67582 | WordPress Wbcom Designs plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-67583 | WordPress IDonate plugin <= 2.1.15 - Broken Access Control vulnerability |
| CVE-2025-68522 | WordPress WpStream plugin <= 4.9.5 - Broken Access Control vulnerability |
| CVE-2025-68523 | WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability |
| CVE-2025-68535 | WordPress Sunshine Photo Cart plugin <= 3.5.7.1 - Broken Access Control vulnerability |
| CVE-2025-68547 | WordPress Follow My Blog Post plugin <= 2.4.0 - Arbitrary Content Deletion vulnerability |
| CVE-2025-68556 | WordPress HAPPY plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-68557 | WordPress Chakra test plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-68565 | WordPress Twitch Player plugin <= 2.1.3 - Broken Access Control vulnerability |
| CVE-2025-68568 | WordPress Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker p... |
| CVE-2025-68569 | WordPress WP Time Slots Booking Form plugin <= 1.2.38 - Broken Access Control vulnerability |
| CVE-2025-68571 | WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability |
| CVE-2025-68572 | WordPress BBP Core plugin <= 1.4.1 - Broken Access Control vulnerability |
| CVE-2025-68575 | WordPress Wappointment plugin <= 2.7.2 - Broken Access Control vulnerability |
| CVE-2025-68577 | WordPress Virusdie plugin <= 1.1.6 - Broken Access Control vulnerability |
| CVE-2025-68578 | WordPress Addonify plugin <= 2.0.4 - Broken Access Control vulnerability |
| CVE-2025-68579 | WordPress FV Simpler SEO plugin <= 1.9.6 - Broken Access Control vulnerability |
| CVE-2025-68581 | WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability |
| CVE-2025-68920 | C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files... |
| CVE-2025-68947 | NSecsoft NSecKrnl process termination privilege escalation |
| CVE-2025-68976 | WordPress Eagle Booking plugin <= 1.3.4.3 - Settings Change vulnerability |
| CVE-2025-68980 | WordPress WeDesignTech Portfolio plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-68981 | WordPress HomeFix Elementor Portfolio plugin <= 1.0.1 - Broken Access Control vulnerability |
| CVE-2025-68982 | WordPress DesignThemes LMS Addon plugin <= 2.6 - Broken Access Control vulnerability |
| CVE-2025-68993 | WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulnerability |
| CVE-2025-68994 | WordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability |
| CVE-2025-68995 | WordPress My Sticky Elements plugin <= 2.3.3 - Broken Access Control vulnerability |
| CVE-2025-69009 | WordPress Medicalequipment theme <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-69010 | WordPress Themebeez Toolkit plugin <= 1.3.5 - Broken Access Control vulnerability |
| CVE-2025-69012 | WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability |
| CVE-2025-69013 | WordPress Stratum plugin <= 1.6.1 - Broken Access Control vulnerability |
| CVE-2025-69015 | WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability |
| CVE-2025-69016 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.12 - Broken Access Control vulnerability |
| CVE-2025-69022 | WordPress HR Management Lite plugin <= 3.5 - Broken Access Control vulnerability |
| CVE-2025-67584 | WordPress GoDAM plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-67586 | WordPress Highlight and Share plugin <= 5.2.0 - Broken Access Control vulnerability |
| CVE-2025-67588 | WordPress Elementor Website Builder plugin <= 3.33.0 - Broken Access Control vulnerability |
| CVE-2025-67589 | WordPress WooCommerce PDF Invoices & Packing Slips plugin <= 4.9.1 - Broken Access Control vulnerability |
| CVE-2025-67592 | WordPress My Calendar plugin <= 3.6.16 - Broken Access Control vulnerability |
| CVE-2025-67597 | WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability |
| CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability |
| CVE-2025-68582 | WordPress Funnelforms Free plugin <= 3.8 - Broken Access Control vulnerability |
| CVE-2025-68585 | WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability |
| CVE-2025-68586 | WordPress Cooked plugin <= 1.11.2 - Broken Access Control vulnerability |
| CVE-2025-68587 | WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability |
| CVE-2025-68588 | WordPress TS Poll plugin <= 2.5.3 - Broken Access Control vulnerability |
| CVE-2025-68589 | WordPress WP Telegram Widget and Join Link plugin <= 2.2.11 - Broken Access Control vulnerability |
| CVE-2025-68591 | WordPress Simple File List plugin <= 6.1.15 - Broken Access Control vulnerability |
| CVE-2025-68592 | WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2025-68593 | WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability |
| CVE-2025-68594 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin <= 19.12.1 - Broken Access Control vulnerability |
| CVE-2025-68595 | WordPress Widgets for Social Photo Feed plugin <= 1.7.7 - Broken Access Control vulnerability |
| CVE-2025-68596 | WordPress Bit Assist plugin <= 1.5.11 - Broken Access Control vulnerability |
| CVE-2025-68603 | WordPress Editorial Calendar plugin <= 3.8.8 - Broken Access Control vulnerability |
| CVE-2025-68608 | WordPress Userpro plugin <= 5.1.9 - Broken Access Control vulnerability |
| CVE-2025-6864 | SeaCMS admin_type.php cross-site request forgery |
| CVE-2025-6865 | DaiCuo index cross-site request forgery |
| CVE-2025-68850 | WordPress Sell Downloads plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2025-67737 | AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE |
| CVE-2025-7956 | Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search... |
| CVE-2025-68861 | WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability |
| CVE-2025-7040 | Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Actio... |
| CVE-2025-7047 | Missing Authorization in Utarit Informatics' SoliClub |
| CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery |
| CVE-2025-7133 | CodeAstro Online Movie Ticket Booking System cross-site request forgery |
| CVE-2025-7499 | BetterDocs <= 4.1.1 - Missing Authorization to Private And Password-Protected Posts Information Disclosure |
| CVE-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization |
| CVE-2025-7664 | Al Pack <= 1.0.2 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function |
| CVE-2025-7665 | Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_passw... |
| CVE-2025-7695 | Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_passw... |
| CVE-2025-7717 | File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089 |
| CVE-2025-7756 | code-projects E-Commerce Site cross-site request forgery |
| CVE-2025-8059 | B Blocks <= 2.0.6 - Missing Authorization to Unauthenticated Privilege Escalation via rgfr_registration Function |
| CVE-2025-8152 | WP CTA – Call To Action Plugin, Sticky CTA, Sticky Buttons <= 1.7.0 - Missing Authorization to Unauthenticated Sticky Status... |
| CVE-2025-8223 | jerryshensjf JPACookieShop 蛋糕商城JPA版 AdminTypeCustController.java cross-site request forgery |
| CVE-2025-8268 | Ai Engine <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion |
| CVE-2025-8285 | Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin |
| CVE-2025-8310 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a rem... |
| CVE-2025-8322 | Ventem\|e-School - Missing Authorization |
| CVE-2025-8335 | code-projects Simple Car Rental System cross-site request forgery |
| CVE-2025-8342 | WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass |
| CVE-2025-8357 | Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion |
| CVE-2025-8418 | B Slider- Gutenberg Slider Block for WP <= 1.1.30 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Plugin Ins... |
| CVE-2025-8423 | My WP Translate <= 1.1 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Option Read and Deletion |
| CVE-2025-8425 | My WP Translate <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2025-8434 | code-projects Online Movie Streaming admin.php authorization |
| CVE-2025-8435 | code-projects Online Movie Streaming admin-control.php authorization |
| CVE-2025-8446 | Blaze Demo Importer <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install |
| CVE-2025-8482 | Simple Local Avatars <= 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Avatar Migration |
| CVE-2025-8487 | Kubio AI Page Builder <= 2.6.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation |
| CVE-2025-8488 | Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) <= 2.4.6 - Missing Authorization to Authenticated... |
| CVE-2025-8492 | Salon Booking System <= 10.20 - Missing Authorization to Unauthenticated AJAX Actions Execution |
| CVE-2025-8505 | 495300897 wx-shop cross-site request forgery |
| CVE-2025-8565 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.4.3 - Missing Authorization to... |
| CVE-2025-8593 | GSheetConnector For Gravity Forms <= 1.3.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installat... |
| CVE-2025-8595 | Zakra <= 4.1.5 - Missing Authorization to Subscriber+ Demo Import |
| CVE-2025-8682 | Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation |
| CVE-2025-8712 | Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Ga... |
| CVE-2025-8739 | zhenfeng13 My-Blog save cross-site request forgery |
| CVE-2025-8778 | NitroPack <= 1.18.4 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update via nitropack_set_compress... |
| CVE-2025-8796 | LitmusChaos Litmus Delete Request delete_project authorization |
| CVE-2025-8807 | xujeff tianti 天梯 save authorization |
| CVE-2025-8814 | atjiu pybbs CookieUtil.java setCookie cross-site request forgery |
| CVE-2025-8886 | Authorization Bypass in Usta Information Systems' Aybs Interaktif |
| CVE-2025-8887 | IDOR in Usta Information Systems' Aybs Interaktif |
| CVE-2025-8898 | Taxi Booking Manager for Woocommerce \| E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Acc... |
| CVE-2025-8992 | mtons mblog cross-site request forgery |
| CVE-2025-8996 | Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097 |
| CVE-2025-8999 | Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update |
| CVE-2025-9018 | Time Tracker <= 3.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Limited Data Deleti... |
| CVE-2025-9029 | WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authenti... |
| CVE-2025-9054 | MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Op... |
| CVE-2025-9076 | Mattermost Server exposes sensitive user credentials during shared channel membership synchronization |
| CVE-2025-9133 | A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmwar... |
| CVE-2025-9194 | Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean |
| CVE-2025-9202 | ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation |
| CVE-2025-9218 | rtMedia for WordPress, BuddyPress and bbPress 4.7.0 - 4.7.3 - Missing Authorization to Unauthenticated Information Disclosure... |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update |
| CVE-2025-9243 | Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orders/update_order_status F... |
| CVE-2025-9331 | Spacious <= 1.9.11 - Missing Authorization to Authenticated (Subscriber+) Demo Data Import |
| CVE-2025-9542 | AutomatorWP <= 5.3.7 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions |
| CVE-2025-9544 | Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation |
| CVE-2025-9549 | Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099 |
| CVE-2025-9637 | Quiz and Survey Master (QSM) <= 10.3.1 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Informatio... |
| CVE-2025-9747 | Koillection csrf_protection_controller.js cross-site request forgery |
| CVE-2025-9825 | Missing Authorization in GitLab |
| CVE-2025-9954 | Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105 |
| CVE-2025-9979 | Maspik <= 2.5.6 - Authenticated (Subscriber+) Missing Authorization to Spam Log Export |
| CVE-2025-9984 | Featured Image from URL (FIFU) <= 5.2.7 - Missing Authorization to Password Protected Post Disclosure |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) |
| CVE-2026-0503 | Missing Authorization check in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management) |
| CVE-2026-0506 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform |
| CVE-2026-0511 | Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation) |
| CVE-2026-0635 | Responsive Accordion Slider <= 1.2.2 - Missing Authorization to Authenticated (Contributor+) Slider Update via 'resp_accordio... |
| CVE-2026-0656 | iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Informat... |
| CVE-2026-0674 | WordPress Campaign Monitor for WordPress plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2026-0676 | WordPress Zorka theme <= 1.5.7 - Broken Access Control vulnerability |
| CVE-2026-0817 | CampaignEvents API missing authorization exposes meeting and chat URLs |
| CVE-2026-0820 | RepairBuddy <= 4.1116 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Signature Upload to Orders |
| CVE-2026-1000 | MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion |
| CVE-2026-1003 | GetGenie – AI Content Writer with Keyword Research & SEO Tracking Tools <= 4.3.0 - Missing Authorization to Authenticated (Au... |
| CVE-2026-1004 | Essential Addons for Elementor <= 6.5.5 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2026-1142 | PHPGurukul News Portal cross-site request forgery |
| CVE-2025-69023 | WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability |
| CVE-2025-69024 | WordPress BizPrint plugin <= 4.6.7 - Broken Access Control vulnerability |
| CVE-2025-69027 | WordPress Product Delivery Date for WooCommerce – Lite plugin <= 3.2.0 - Broken Access Control vulnerability |
| CVE-2025-69028 | WordPress weForms plugin <= 1.6.25 - Broken Access Control vulnerability |
| CVE-2025-69031 | WordPress Arcane theme <= 3.6.6 - Broken Access Control vulnerability |
| CVE-2025-69091 | WordPress Demo Importer Plus plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-69093 | WordPress ShopMagic plugin <= 4.7.2 - Broken Access Control vulnerability |
| CVE-2025-69220 | LibreChat has Insufficient Access Control for Agent Files |
| CVE-2025-69221 | LibreChat has Insufficient Access Control for Agent Permission Queries |
| CVE-2025-69327 | WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-69331 | WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability |
| CVE-2025-69333 | WordPress JetEngine plugin <= 3.8.1.1 - Broken Access Control vulnerability |
| CVE-2025-69336 | WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability |
| CVE-2025-69341 | WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability |
| CVE-2025-69344 | WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability |
| CVE-2026-1148 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System cross-site request forgery |
| CVE-2026-1153 | technical-laohu mpay cross-site request forgery |
| CVE-2026-1169 | birkir prime cross-site request forgery |
| CVE-2026-23477 | Rocket.Chat Unauthorized Access to OAuth App Details |
| CVE-2026-23522 | Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion |
| CVE-2025-69345 | WordPress Post and Page Builder by BoldGrid plugin <= 1.27.9 - Broken Access Control vulnerability |
| CVE-2025-69346 | WordPress AffiliateX plugin <= 1.3.9.3 - Broken Access Control vulnerability |
| CVE-2025-69348 | WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability |
| CVE-2025-69349 | WordPress RSS Feed Widget plugin <= 3.0.2 - Broken Access Control vulnerability |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability |
| CVE-2025-69353 | WordPress Proxy & VPN Blocker plugin <= 3.5.3 - Broken Access Control vulnerability |
| CVE-2025-69354 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability |
| CVE-2025-69355 | WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability |
| CVE-2025-69359 | WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability |
| CVE-2025-69361 | WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability |
| CVE-2025-69363 | WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability |
| CVE-2025-69364 | WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability |
| CVE-2025-6993 | Ultimate WP Mail 1.0.17 - 1.3.6 - Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_lo... |
| CVE-2026-21429 | Emlog has Broken Access Control (BAC) |
| CVE-2026-22486 | WordPress Re Gallery – Responsive Photo Gallery plugin <= 1.17.18 - Broken Access Control vulnerability |
| CVE-2026-22487 | WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2026-22488 | WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - Broken Access Control vulnerability |
| CVE-2026-22490 | WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - Broken Access Control vulnerability |
| CVE-2026-22492 | WordPress Docket Cache plugin <= 24.07.04 - Broken Access Control vulnerability |
| CVE-2026-22517 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability |
| CVE-2026-22522 | WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability |
| CVE-2026-23875 | CrawlChat's Discord Bot has a Knowledge Permission vulnerability |
| CVE-2026-23721 | OpenProject users with "View Members" permission in any project can view all Group memberships |
| CVE-2025-7772 | Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscrib... |
| CVE-2025-7782 | WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status' |
| CVE-2025-7821 | WC Plus <= 1.2.0 - Missing Authorization to Unauthenticated Settings Manipulation |
| CVE-2025-7822 | WP Wallcreeper <= 1.6.1 - Missing Authorization to Authenticated (Subscriber+) Cache Enable/Disable |
| CVE-2025-7827 | Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-7828 | WP Filter & Combine RSS Feeds <= 0.4 - Missing Authorization to Authenticated (Contributor+) Feed Deletion |
| CVE-2025-7834 | PHPGurukul Complaint Management System cross-site request forgery |
| CVE-2025-50028 | WordPress Ultimate Push Notifications plugin <= 1.1.9 - Broken Access Control Vulnerability |
| CVE-2025-50029 | WordPress AI Tools <= 4.0.7 - Arbitrary Content Deletion Vulnerability |
| CVE-2025-50031 | WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability |
| CVE-2025-50032 | WordPress Paytiko for WooCommerce <= 1.3.14 - Broken Access Control Vulnerability |
| CVE-2025-50034 | WordPress Enhanced Blocks – Page Builder Blocks for Gutenberg plugin <= 1.4.1 - Broken Access Control Vulnerability |
| CVE-2025-50039 | WordPress VG WORT METIS <= 2.0.0 - Broken Access Control Vulnerability |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability |
| CVE-2025-5018 | Hive Support <= 1.2.4 - Authenticated (Subscriber+) Missing Authorization via hs_update_ai_chat_settings and hive_lite_suppor... |
| CVE-2025-5033 | XiaoBingby TeaCMS addUser cross-site request forgery |
NKTsKI vulnerabilities
NKTsKI bulletins - software vulnerabilities
| Identifier | Bulletin date | Description |
|---|---|---|
| VULN:20230724-11 | 24.07.2023 | Security bypass in NETGEAR NMS300 |
| VULN:20231122-29 | 22.11.2023 | Arbitrary code execution in NEC Corporation EXPRESSCLUSTER X and EXPRESSCLUSTER SingleServerSafe |
| VULN:20240126-19 | 26.01.2024 | Arbitrary code execution in GoAnywhere MFT |
| VULN:20240320-6 | 20.03.2024 | Disclosure of confidential information in Chrome OS |
| VULN:20240403-1 | 03.04.2024 | Arbitrary code execution in Anyscale Ray |
| VULN:20240419-26 | 19.04.2024 | Security bypass in Oracle Linux |
| VULN:20240517-65 | 17.05.2024 | Privilege escalation in macOS |
| VULN:20240605-22 | 05.06.2024 | Arbitrary file overwrite in Unifier |
| VULN:20241202-86 | 02.12.2024 | Arbitrary code execution in NVIDIA Base Command Manager |
| VULN:20241213-111 | 13.12.2024 | Disclosure of confidential information in Schneider Electric EcoStruxure IT Gateway |
| VULN:20241227-40 | 27.12.2024 | Arbitrary code execution in Dell Hybrid Client |
| VULN:20250110-42 | 10.01.2025 | Arbitrary file overwrite in Junos Space |
| VULN:20250430-17 | 30.04.2025 | Disclosure of confidential information in Flynax Bridge plugin for WordPress |
| VULN:20250625-26 | 25.06.2025 | Local file read in Adobe Commerce and Magento Open Source |
| VULN:20251031-5 | 31.10.2025 | Disclosure of confidential information in Zyxel firewalls |
| VULN:20251031-65 | 31.10.2025 | Disclosure of confidential information in Junos Space Security Director |
| VULN:20251124-65 | 24.11.2025 | Security bypass in Junos Space Security Director |