Total
4694 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38702 | 1 Tychesoftwares | 1 Product Delivery Date For Woocommerce Lite | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. | ||||
| CVE-2024-37510 | 1 Wpcharitable | 1 Charitable | 2024-11-01 | 6.5 Medium |
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||||
| CVE-2024-37506 | 1 Wpcharitable | 1 Charitable | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Charitable Donations & Fundraising Team Charitable allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Charitable: from n/a through 1.8.1.7. | ||||
| CVE-2024-37249 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1. | ||||
| CVE-2024-37226 | 1 Kanbanwp | 1 Kanban Boards For Wordpress | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Kanban for WordPress Kanban Boards for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21. | ||||
| CVE-2024-37119 | 1 Uncannyowl | 1 Uncanny Automator | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0. | ||||
| CVE-2024-9361 | 1 Giuliopanda | 1 Bulk Images Optimizer | 2024-11-01 | 4.3 Medium |
| The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options. | ||||
| CVE-2024-50423 | 2024-11-01 | 5.4 Medium | ||
| Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | ||||
| CVE-2024-50424 | 2024-11-01 | 6.5 Medium | ||
| Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5. | ||||
| CVE-2024-50428 | 2024-11-01 | 4.3 Medium | ||
| Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. | ||||
| CVE-2024-50422 | 1 Cloudways | 1 Breeze | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14. | ||||
| CVE-2024-50421 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6. | ||||
| CVE-2024-50454 | 1 Seopress | 1 Seopress | 2024-11-01 | 5.3 Medium |
| Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1. | ||||
| CVE-2024-10399 | 2024-11-01 | 4.3 Medium | ||
| The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_search_users function in all versions up to, and including, 5.0.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain usernames and emails of site users. | ||||
| CVE-2024-44156 | 1 Apple | 1 Macos | 2024-11-01 | 7.1 High |
| A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | ||||
| CVE-2024-42934 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2024-10-31 | 5 Medium |
| OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. | ||||
| CVE-2024-20463 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | ||||
| CVE-2020-36840 | 1 Motopress | 1 Timetable And Event Schedule | 2024-10-30 | 7.3 High |
| The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more. | ||||
| CVE-2024-44265 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An attacker with physical access can input Game Controller events to apps running on a locked device. | ||||
| CVE-2024-44208 | 1 Apple | 1 Macos | 2024-10-30 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | ||||