Total
4055 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11125 | 1 Get-simple | 1 Getsimplecms | 2024-11-15 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-52549 | 2024-11-15 | N/A | 4.3 MEDIUM | ||
| Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. | |||||
| CVE-2024-52554 | 2024-11-15 | N/A | 8.8 HIGH | ||
| Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection. | |||||
| CVE-2024-52382 | 2024-11-15 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0. | |||||
| CVE-2024-52383 | 2024-11-15 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2. | |||||
| CVE-2024-9578 | 2024-11-13 | N/A | 5.3 MEDIUM | ||
| The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site. | |||||
| CVE-2024-10629 | 2024-11-13 | N/A | 8.8 HIGH | ||
| The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-10802 | 2024-11-13 | N/A | 5.3 MEDIUM | ||
| The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. | |||||
| CVE-2024-10717 | 2024-11-13 | N/A | 6.5 MEDIUM | ||
| The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. Note: This issue can also be used to add arbitrary options with an empty value. | |||||
| CVE-2024-10852 | 2024-11-13 | N/A | 4.3 MEDIUM | ||
| The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export plugin settings. | |||||
| CVE-2024-43919 | 1 Yarpp | 1 Yet Another Related Posts Plugin | 2024-11-13 | N/A | 9.8 CRITICAL |
| Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. | |||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | N/A | 8.1 HIGH |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | |||||
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | |||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0. | |||||
| CVE-2024-43341 | 1 Cozythemes | 1 Hello Agency | 2024-11-13 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hello Agency: from n/a through 1.0.5. | |||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12. | |||||
| CVE-2024-43355 | 1 Beardev | 1 Joomsport | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0. | |||||
| CVE-2024-43923 | 1 Arraytics | 1 Wp Timetics | 2024-11-13 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23. | |||||
| CVE-2024-43925 | 1 Enviragallery | 1 Envira Gallery | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14. | |||||
| CVE-2024-43932 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2. | |||||