Medium
CVE-2024-0451
The AI ChatBot plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the openai_file_list_callback function in all versions up to, and including, 5.3.…
Tag: Unauthenticated/Unauthorized Access
All CVEs associated with "Unauthenticated/Unauthorized Access". Page 50/128 • 15328 CVEs.
Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access” · RSS (High+Critical only)
About “Unauthenticated/Unauthorized Access”
A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15328 CVEs for this tag (all time). In the last 365 days, 3832 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.
In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-05-22
2024-05-21
Medium
CVE-2024-4154
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PA…
Medium
CVE-2024-31845
An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string p…
Medium
CVE-2024-31844
An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated…
Medium
CVE-2024-4875
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in ve…
2024-05-20
Critical
CVE-2024-4985
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulner…
2024-05-19
Critical
CVE-2024-36081
Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should no…
2024-05-17
Medium
CVE-2024-23583
An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems.
Medium
CVE-2024-32827
Authentication Bypass by Spoofing vulnerability in RafflePress Giveaways and Contests allows Functionality Bypass.This issue affects Giveaways and Contests: from n/a through 1.12.7.
Medium
CVE-2024-32786
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93.
Low
CVE-2024-32708
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1.
Medium
CVE-2024-33917
Authentication Bypass by Spoofing vulnerability in webtechideas WTI Like Post allows Functionality Bypass.This issue affects WTI Like Post: from n/a through 1.4.6.
Medium
CVE-2024-30522
Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass.This issue affects Newsletter: from n/a through 8.2.0.
Low
CVE-2024-30480
Authentication Bypass by Spoofing vulnerability in Pippin Williamson CGC Maintenance Mode allows Functionality Bypass.This issue affects CGC Maintenance Mode: from n/a through 1.2.
Medium
CVE-2024-30479
Authentication Bypass by Spoofing vulnerability in LionScripts IP Blocker Lite allows Functionality Bypass.This issue affects IP Blocker Lite: from n/a through 11.1.1.
Medium
CVE-2024-25906
Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass.This issue affects Comments Like Dislike: from n/a through 1.2.2.
Medium
CVE-2024-25595
Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1.
Low
CVE-2024-22139
Authentication Bypass by Spoofing vulnerability in Filipe Seabra WordPress Manutenção allows Functionality Bypass.This issue affects WordPress Manutenção: from n/a through 1.0.6.
Medium
CVE-2024-21746
Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6.
2024-05-16
Critical
CVE-2024-22476
Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
High
CVE-2024-21864
Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via adjace…
Medium
CVE-2023-47210
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Medium
CVE-2023-40536
Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
High
CVE-2023-38654
Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent…
Medium
CVE-2023-38417
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
High
CVE-2024-3286
A buffer overflow vulnerability was identified in some Lenovo printers that could allow an unauthenticated user to trigger a device restart by sending a specially crafted web request.
High
CVE-2024-4956
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
Critical
CVE-2023-48643
Shrubbery tac_plus 2.x, 3.x. and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. The product allows users to configure authorization checks as shell commands through the tac_pl…
High
CVE-2024-4352
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The…
High
CVE-2024-4351
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'authenticate' function in all version…
High
CVE-2024-4222
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to,…
Critical
CVE-2024-4223
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and…
High
CVE-2024-3403
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality t…
2024-05-15
Critical
CVE-2024-33625
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
Medium
CVE-2024-20391
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM.…
Medium
CVE-2024-4837
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary…
Medium
CVE-2024-3488
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
Low
CVE-2024-3487
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
High
CVE-2024-4010
The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handle_ajax…
Critical
CVE-2024-4893
DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and de…
Medium
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, a…
2024-05-14
High
CVE-2022-28132
The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate…
Medium
CVE-2024-26007
An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrati…
High
CVE-2023-40720
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP confi…
Medium
CVE-2024-3374
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue aff…
Critical
CVE-2024-33006
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system.
High
CVE-2024-32977
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely…
Medium
CVE-2024-32733
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code i…
Critical
CVE-2024-27939
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this…
Medium
CVE-2024-25969
Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vu…
Medium
CVE-2024-25968
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulner…
Medium
CVE-2024-25966
Dell PowerScale OneFS versions 8.2.x through 9.7.0.2 contains an improper handling of unexpected data type vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerabilit…
Medium
CVE-2024-4425
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used…
High
CVE-2024-4423
The access control in CemiPark software does not properly validate user-entered data, which allows the authentication bypass. An attacker who has network access to the login panel can log in with adm…
Medium
CVE-2024-4232
This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version : v3.2.02) due to lack of encryption or hashing in storing of passwords within the router's firmware/…
High
CVE-2024-4129
Improper Authentication vulnerability in Snow Software AB Snow License Manager on Windows allows a networked attacker to perform an Authentication Bypass if Active Directory Authentication is enabled…
Medium
CVE-2024-3722
The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. T…
Critical
CVE-2024-3263
YMS VIS Pro is an information system for veterinary and food administration, veterinarians and farm. Due to a combination of improper method for system credentials generation and weak password policy…
Critical
CVE-2024-3016
NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthentica…
Medium
CVE-2024-34749
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser o…
Critical
CVE-2024-34070
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxl…
Medium
CVE-2024-2299
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers c…
Critical
CVE-2024-29895
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the…
High
CVE-2024-27790
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2…
High
CVE-2024-23473
The SolarWinds Access Rights Manager was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability allows access to the RabbitMQ management consol…
Medium
CVE-2023-6327
The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, a…
Medium
CVE-2023-37526
HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized acces…
High
CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate client…
2024-05-08
Critical
CVE-2024-4393
The Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2. This is due to insufficient verification on the OpenID server being supplied duri…
2024-05-07
Medium
CVE-2024-23551
Database scanning using username and password stores the credentials in plaintext or encoded format within files at the endpoint. This has been identified as a significant security risk. This will le…
Low
CVE-2024-29210
A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allo…
Medium
CVE-2023-6810
The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to, and inc…
Critical
CVE-2024-4186
The Edwiser Bridge plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and…
Medium
CVE-2024-20866
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.
Medium
CVE-2024-20865
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.
Medium
CVE-2024-2913
A race condition vulnerability exists in the mintplex-labs/anything-llm repository, specifically within the user invite acceptance process. Attackers can exploit this vulnerability by sending multipl…
2024-05-06
Medium
CVE-2024-34383
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress.This issue affects SEOPress: from n/a through 7.7.1.
Medium
CVE-2024-34093
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X…
High
CVE-2024-32982
Litestar and Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.8.3, 2.7.2, and 2.6.4, a Local File Inclusion (LFI) vulnerability has been discovered in the static file…
High
CVE-2024-33753
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization.
2024-05-03
Medium
CVE-2024-3108
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.
Medium
CVE-2023-41830
An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization.
Medium
CVE-2023-41828
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.
High
CVE-2023-51629
D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300…
Critical
CVE-2023-51574
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installat…
High
CVE-2023-50199
D-Link G416 httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installat…
High
CVE-2023-44420
D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on af…
Critical
CVE-2023-44411
D-Link D-View InstallApplication Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-…
High
CVE-2023-42034
Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installati…
High
CVE-2023-41183
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Aut…
High
CVE-2023-40511
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is…
High
CVE-2023-40510
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authenticatio…
Medium
CVE-2023-39480
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of…
High
CVE-2023-39479
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integra…
Medium
CVE-2023-39458
Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected ins…
Critical
CVE-2023-39457
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA…
High
CVE-2023-38123
Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication…
Critical
CVE-2023-38096
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NE…
High
CVE-2023-35724
D-Link DAP-2622 Telnet CLI Use of Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of…
High
CVE-2023-35717
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 I…
Medium
CVE-2023-34284
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX…
High
CVE-2023-34282
D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affecte…
High
CVE-2023-34274
D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication o…
Critical
CVE-2023-32169
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View.…
Medium
CVE-2023-32152
D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 rout…
Medium
CVE-2023-32148
D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 route…
High
CVE-2023-32145
D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 r…
High
CVE-2023-27369
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o…
High
CVE-2023-27368
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
2024-05-02
High
CVE-2024-4215
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate…
Medium
CVE-2024-3942
The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on…
Medium
CVE-2024-3897
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions…
Critical
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This…
Medium
CVE-2024-3601
The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions…
Medium
CVE-2024-3585
The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and includ…
Medium
CVE-2024-3546
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and…
Medium
CVE-2024-3206
The Different Menu in Different Pages – Control Menu Visibility (All in One) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax() function in all…
Medium
CVE-2024-2043
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submiss…
Medium
CVE-2024-1809
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX function…
Medium
CVE-2024-1688
The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_orders_archive() function in all versions up to, and including, 3.1.…