| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0. |
| Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3. |
| Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5. |
| Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17. |
| Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0. |
| Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54. |
| Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0. |
| Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2. |
| Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. |
| The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes. |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID. |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings. |
| Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0. |
| An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. |
| The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. |
| The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to send a canned email to the site's administrator asking to delete the profile of an arbitrary vendor. |
| The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. |
| The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates. |
| The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy. |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
